Connection header comparisons should be case insensitive #81

Closed
defunerik opened this issue Jul 27, 2012 · 3 comments

Comments

@defunerik

While tracking down a problem with a finicky client, I discovered that the client's "Connection: Close" header was being ignored by mochiweb. Upon inspection, the relevant function "mochiweb_request:do_close/0" is making an exact string comparison between the "connection" header value and the string "close". The HTTP/1.1 spec does not clearly state whether the "close" token should be considered case sensitive or not, but a close reading shows that it is case insensitive.

A recent post on stackoverflow, http://stackoverflow.com/questions/10953635/are-the-http-connection-header-values-case-sensitive, points out that the requirement that the connection header field can carry a header field name, and header field names being case insensitive themselves, does imply that it is case insensitive.

I have not attached a fix, because I don't know how pervasive this might be. It is clear enough in mochiweb_request.erl, and indeed my own local patch which merely makes the string comparisons case insensitive has fixed my particular problem.

@defunerik
Author

Thanks for the quick fix. Would this also not apply to the usage of the Connection header value when testing for "Keep-Alive", also conducted in present code with case sensitivity? Also implied in the language of the original report was that this issue may be more pervasive, since I suspect most clients are quite literal in their interpretation of the http spec, and even if a field is case insensitive, use the values literally cited in the spec. Thus they will tend to work wonderfully with case sensitive matches.

Other cases that I've found in a quick perusal of the uses of get_header_value:

mochiweb.erl, in body_length/0, value of transfer-encoding tested against "chunked" should be case insensitive
.., function stream_body/4, value of expect header should be case insensitive for 100-continue and other unquoted tokens

That said, would you like me to continue scanning through to find other cases, if any, or just leave it that the issue is to find all cases where there should be a case insensitive comparison?

@etrepum
Member

etrepum commented Jul 28, 2012

Well, nobody has ever reported a case where that matters, so I'm not inclined to go fix them all myself. You're welcome to find more of them and submit a pull request that tests for it and fixes them.

@defunerik
Author

Fair enough, thanks.
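
The comparison discussed in this thread, as an added example that is not mochiweb's code or the fix that was applied: it contrasts an exact string match on a header value with a case-insensitive match over the comma-separated tokens of Connection, Transfer-Encoding and Expect. The module name `header_tokens` and all of its functions are hypothetical; it assumes header values arrive as Erlang strings with `undefined` for a missing header, and it uses the `string` functions available from OTP 20.

```erlang
%% Added example, not part of mochiweb. Names are hypothetical.
-module(header_tokens).
-export([exact_match/2, has_token/2, tokens/1, demo/0]).

%% The behaviour described in the report: the whole header value must be
%% byte-for-byte equal to the expected token.
-spec exact_match(string(), undefined | string()) -> boolean().
exact_match(Token, Value) ->
    Value =:= Token.

%% Split a comma-separated header value into lower-cased tokens with
%% surrounding whitespace removed. Assumption: a missing header is the
%% atom `undefined`. Quoted strings and parameters are not handled.
-spec tokens(undefined | string()) -> [string()].
tokens(undefined) ->
    [];
tokens(Value) when is_list(Value) ->
    [string:lowercase(T)
     || Part <- string:lexemes(Value, ","),
        T <- [string:trim(Part)],
        T =/= ""].

%% Case-insensitive test for one token anywhere in the list.
-spec has_token(string(), undefined | string()) -> boolean().
has_token(Token, Value) ->
    lists:member(string:lowercase(Token), tokens(Value)).

%% Constructed header values (not captured traffic). Each result is
%% {Token, Value, ExactMatch, CaseInsensitiveTokenMatch}.
demo() ->
    Samples = [{"close",        "close"},
               {"close",        "Close"},
               {"close",        "keep-alive, CLOSE"},
               {"keep-alive",   "Keep-Alive"},
               {"chunked",      "gzip, Chunked"},
               {"100-continue", "100-Continue"},
               {"close",        "closed"},
               {"close",        undefined}],
    [{Token, Value, exact_match(Token, Value), has_token(Token, Value)}
     || {Token, Value} <- Samples].
```

Of the constructed samples, only the first passes the exact match, while the token match accepts every case variant and still rejects `"closed"` and a missing header.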
