On Tue, 2015-04-14 at 10:09 +0400, George Chelidze wrote: > Hello, > > According to the rfc822#section-3.2, SPACE character is not allowed in > the header field name.
"Be liberal in what you accept". Stripping whitespace between a field name and a colon looks to me like a reasonable thing to do. Unless you're suggesting it could somehow become a security issue? > Is there any reason to not ignore a header with the trailing space in > the field name and pass it to the CGI environment? Surely rather than ignore it, you'd want to return 400 if you don't accept current behaviour? -- Nick Kew
