
HTAB is incorrectly rejected within the OWS in header fields #187

@kenballus

Environment

Debian 12, Linux 6.10.2
Nginx built from source at 00637cc.

Description

From RFC 9112:

```
field-line = field-name ":" OWS field-value OWS
```

From RFC 9110:

```
OWS = *( SP / HTAB )
```

The RFCs require that HTTP headers allow both spaces and tabs in the optional whitespace before a header value.

Nginx allows only spaces in this context, and incorrectly disallows tabs.

Steps to reproduce

  1. Set up Nginx. I'll be using the container specified here, but this bug is independent of config, so feel free to use whatever configuration you want.
  2. Send a request that uses a tab in the whitespace in the Host header.

     ```
     printf 'GET / HTTP/1.1\r\nHost:\twhatever\r\n\r\n' | nc localhost 80
     ```

  3. Observe that you get a 400.

     ```
     HTTP/1.1 400 Bad Request
     Server: nginx/1.27.2
     Date: Sun, 15 Sep 2024 00:09:24 GMT
     Content-Type: text/html
     Content-Length: 157
     Connection: close

     <html>
     <head><title>400 Bad Request</title></head>
     <body>
     <center><h1>400 Bad Request</h1></center>
     <hr><center>nginx/1.27.2</center>
     </body>
     </html>
     ```

  4. Change the tab to a space, then resend the request:

     ```
     printf 'GET / HTTP/1.1\r\nHost: whatever\r\n\r\n' | nc localhost 80
     ```

  5. Observe that you get the expected response:

     ```
     HTTP/1.1 200 OK
     Server: nginx/1.27.2
     Date: Sun, 15 Sep 2024 00:32:43 GMT
     Content-Type: text/html; charset=UTF-8
     Transfer-Encoding: chunked
     Connection: keep-alive

     9d
     {"headers":[["SG9zdA==","d2hhdGV2ZXI="],["Q29udGVudC1MZW5ndGg=",""],["Q29udGVudC1UeXBl",""]],"body":"","method":"R0VU","uri":"Lw==","version":"SFRUUC8xLjE="}
     0

     ```
These two requests are equivalent per the RFCs, and should therefore get the same response.
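
An added illustration, not code from this issue or from Nginx: a minimal Python parser for the `field-line` grammar quoted above, run over the two requests from the reproduction steps. All function and constant names are hypothetical, and the `SP_ONLY` mode is an assumed model of the space-only behaviour reported here, not Nginx's implementation.

```python
import re

# RFC 9110 "token" characters, which make up a field-name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
OWS = b" \t"      # RFC 9110: OWS = *( SP / HTAB )
SP_ONLY = b" "    # assumed model of a parser that accepts only SP as OWS

# The two requests from the reproduction steps, as raw bytes.
TAB_REQ = b"GET / HTTP/1.1\r\nHost:\twhatever\r\n\r\n"
SP_REQ = b"GET / HTTP/1.1\r\nHost: whatever\r\n\r\n"


def parse_field_line(line: bytes, ows: bytes = OWS):
    """Parse one field-line (CRLF already removed) into (name, value)."""
    name, sep, rest = line.partition(b":")
    # No whitespace is allowed between field-name and ":" (RFC 9112).
    if not sep or not TOKEN.fullmatch(name):
        raise ValueError("invalid field-name")
    value = rest.strip(ows)  # drop leading and trailing OWS
    # Whitespace left at either edge was not accepted as OWS by this mode.
    if value[:1] in (b" ", b"\t") or value[-1:] in (b" ", b"\t"):
        raise ValueError("unaccepted whitespace around field-value")
    # Control characters other than HTAB are never valid in a field-value.
    if any((b < 0x20 and b != 0x09) or b == 0x7F for b in value):
        raise ValueError("control character in field-value")
    return name.lower(), value


def parse_headers(request: bytes, ows: bytes = OWS):
    """Return the list of (name, value) pairs in a request's header section."""
    head, _, _ = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # skip the request-line
    return [parse_field_line(line, ows) for line in lines]


if __name__ == "__main__":
    print(parse_headers(TAB_REQ))  # RFC OWS: tab is stripped
    print(parse_headers(SP_REQ))   # same result as the tab request
    try:
        parse_headers(TAB_REQ, SP_ONLY)
    except ValueError as exc:
        print("SP-only mode rejects the tab request:", exc)
```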
