Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Whitspaces in header values #246

Closed
big-r81 opened this issue Aug 11, 2022 · 2 comments · Fixed by #247
Closed

Remove Whitspaces in header values #246

big-r81 opened this issue Aug 11, 2022 · 2 comments · Fixed by #247

Comments

@big-r81
Copy link
Contributor

big-r81 commented Aug 11, 2022

Hi,

send a example request with the following header like this:

curl -v --location 'http://127.0.0.1:15984/' --header 'X-Auth-Roles:      test, test2,test3,       test4,    test5     ,        test6     '

*   Trying 127.0.0.1:15984...
* Connected to 127.0.0.1 (127.0.0.1) port 15984 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:15984
> User-Agent: curl/7.74.0
> Accept: */*
> X-Auth-Roles:      test, test2,test3,       test4,    test5     ,        test6

The header is inserted and has the following data:

{"X-Auth-Roles","test, test2,test3,       test4,    test5     ,        test6     "}

RFC 7230 says:

A field value might be preceded and/or followed by optional
whitespace (OWS); a single SP preceding the field-value is preferred
for consistent readability by humans.  The field value does not
include any leading or trailing whitespace: OWS occurring before the
first non-whitespace octet of the field value or after the last
non-whitespace octet of the field value ought to be excluded by
parsers when extracting the field value from a header field.

So, I think the trailing WS from the above example should be defnitly removed before insertion and
reading the RFC the ws between the values of the header field should be trimmed with only on ws.

Result should be:

{"X-Auth-Roles","test, test2, test3, test4, test5, test6"}

On insertion (default/3, enter/3, insert/3) in mochiweb_headers.erl, nothing of the input is trimmed.
@rnewson
Copy link
Contributor

rnewson commented Aug 11, 2022

leading and trailing OWS should, imo, be removed by mochiweb. Internal whitespace should not be.

@big-r81
Copy link
Contributor Author

big-r81 commented Aug 11, 2022

Ok, thx, then I update my expected result (to be RFC compliant) to

{"X-Auth-Roles","test, test2,test3,       test4,    test5     ,        test6"}

@big-r81 big-r81 mentioned this issue Aug 11, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove leading and trailing whitespaces big-r81/mochiweb
2 participants
@rnewson @big-r81