On 04/14/2015 01:21 PM, Nick Kew wrote:
Damn, I'm getting behind with my RFCs. Yes, that seems to support your
position, though it's not entirely clear whether the server or proxy
rules should apply (the CGI script is the origin server and never
receives the whitespace, while HTTPD's role is as a proxy between the
HTTP and CGI protocols).
I would say the server rules should apply as HTTPD's role as a proxy
between HTTP and CGI is not pure HTTP proxy it's an HTTP to CGI proxy.
No, that's talking about invalid characters within a header.
Not the same as trailing whitespace being stripped.
My mistake.
That seems to me pretty clearly a defect in GGSN, whose header
it is that's affected.
Do you mean GGSN should identify an invalid header as such and remove it
from the request before forwarding it?
Yet it MUST return 400 (if we accept that rule applies to HTTPD
then it applies equally to $other-agent), and is creating a
defect for itself. Whoops!
I didn't fully get the idea, sorry. Can you explain in more details?
Have you test-driven any other web server or proxy software with this?
No I didn't. I'll see what I can do with it.
Thanks,
--
George Chelidze
