The method fast_forward_to_first_boundary of the multipart parser: rack / lib / rack / multipart / parser.rb fails to find boundary if it is is terminated by "\n" (not the EOL = "\r\n"). As a result the parts of request cannot be identified at all. Is it intended behaviour?
The following line is affected:
return if read_buffer == full_boundary
AFAICT the HTTP RFC enforces use of CRLF.
Well, I totally agree. Just for your consideration - although being strict is great when you are the active side (client) of the protocol, a rigor on the passive side (server) may cause some clients (not so well implemented) not fuctioning - eg. I failed using http://restclient.net/. The reason of failure is not so easy to detect while debugging the request processing flow.
The problem is that lax handling of line terminators opens the door to a lot of injection attacks.
Perhaps you can run your Rack app behind a web server that sanitizes such things?
Heroku folks can't. I spoke with Terrence about this again today, but I'm not sure if it'll happen soon. We ideally should handle most inputs in a sane way.
I'll consider it.
I'm glad to hear that. Thanks for updating the thread.