Skip to content

net/http: remove support for continuation lines in header parsing #14060

Closed
@bradfitz

Description

@bradfitz

Apparently HTTP gave up on some old loose parsing rules at some point and got stricter. The spec now says that HTTP field continuation lines (those starting with a space or tab) like this:

http://play.golang.org/p/2MmjLz7eqg

GET / HTTP/1.1
Foo: bar
 and a continuation line
Another: this one without

... are illegal now, per https://tools.ietf.org/html/rfc7230#section-3.2.4:

Historically, HTTP header field values could be extended over
multiple lines by preceding each extra line with at least one space
or horizontal tab (obs-fold). This specification deprecates such
line folding except within the message/http media type
(Section 8.3.1). A sender MUST NOT generate a message that includes
line folding (i.e., that has any field-value that contains a match to
the obs-fold rule) unless the message is intended for packaging
within the message/http media type.

Likewise in that section, space before colon is disallowed now, which we accept: http://play.golang.org/p/hCA3o7q-tb

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions