On Mon, Jun 15, 2015 at 12:33 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> Reviewing the spec, I cannot find where Sambar server is permitted to > insert whitespace. I further reviewed the ABNF appendix, and it does not > appear there, either. > > The spec seems unambiguous; > > chunk = chunk-size [ chunk-ext ] CRLF > chunk-data CRLF > chunk-size = 1*HEXDIG > last-chunk = 1*("0") [ chunk-ext ] CRLF > > > There is no opportunity to use whitespace outside of chunk-ext. > > > chunk-ext = *( ";" chunk-ext-name [ "=" chunk-ext-val ] ) > chunk-ext-name = token > chunk-ext-val = token / quoted-string > > > The rules in section 3.2.3 have become extremely strict; > > > 3.2.3 <https://tools.ietf.org/html/rfc7230#section-3.2.3>. Whitespace > > This specification uses three rules to denote the use of linear > whitespace: OWS (optional whitespace), RWS (required whitespace), and > BWS ("bad" whitespace). > > The OWS rule is used where zero or more linear whitespace octets > might appear. For protocol elements where optional whitespace is > preferred to improve readability, a sender SHOULD generate the > optional whitespace as a single SP; otherwise, a sender SHOULD NOT > generate optional whitespace except as needed to white out invalid or > unwanted protocol elements during in-place message filtering. > > The RWS rule is used when at least one linear whitespace octet is > required to separate field tokens. A sender SHOULD generate RWS as a > single SP. > > The BWS rule is used where the grammar allows optional whitespace > only for historical reasons. A sender MUST NOT generate BWS in > messages. A recipient MUST parse for such bad whitespace and remove > it before interpreting the protocol element. > > > And section 3.6.1 of RFC2616 made no accommodation for whitespace, in the > first place. > > > I think Sambar is wrong and we should not be supporting this. > > > If we make provision to support this, we should be disallowing > > by default and add a directive to change the behavior. > > > Thoughts? > > 1.3 (or 1.3-based servers) put whitespace there. 1.3.x, 2.0.x, 2.2.x, and 2.4.x (for all released x so far) accepts whitespace there. We can't change that by default in a stable branch. This could be perhaps implemented in conjunction with sf's HttpStrict (?) stuff in trunk (I have no clue what that does in practice, but it sounds right). -- Born in Roswell... married an alien... http://emptyhammock.com/