On Fri, Jan 6, 2017 at 11:44 AM, Eric Covener <cove...@gmail.com> wrote: > On Fri, Jan 6, 2017 at 12:06 PM, Jacob Champion <champio...@gmail.com> wrote: >>> Modified: >>> httpd/httpd/trunk/modules/http/http_filters.c >>> >>> Modified: httpd/httpd/trunk/modules/http/http_filters.c >>> URL: >>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=1777460&r1=1777459&r2=1777460&view=diff >>> >>> ============================================================================== >>> [...] >>> @@ -683,8 +726,10 @@ static APR_INLINE int check_headers(requ >>> >>> ctx.r = r; >>> ctx.strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); >>> - return apr_table_do(check_header, &ctx, r->headers_out, NULL) && >>> - apr_table_do(check_header, &ctx, r->err_headers_out, NULL); >>> + ctx.unfold = (!r->content_type || strncmp(r->content_type, >>> + "message/http", 12)); >> >> >> I don't think this unfolding exception should exist, at least not in this >> part of the code. My reading of 7230 is not that folded headers are allowed >> when the Content-Type is message/http, but rather that folded headers are >> allowed *inside* the message/http payload body: >> >> This specification deprecates such >> line folding except within the message/http media type >> (Section 8.3.1). A sender MUST NOT generate a message that includes >> line folding (i.e., that has any field-value that contains a match to >> the obs-fold rule) unless the message is intended for packaging >> within the message/http media type. >> >> IOW, the message/http payload body is allowed to be line-length limited, I >> assume because it's a message/* media type. But that doesn't apply to the >> HTTP-level headers. > > I think you're right.
This is correct. As a deprecation, it is an absolute prohibition against sending obs-fold as HTTP protocol bytes. It is -not- a prohibition against receiving an obs-fold from an earlier generation HTTP server. So this change ensure that a legacy app server generating obs-folds will not be passed on to a server. If you wanted to generate message/http media, you would filter the content on line length to fold it appropriately. The origin server or app's preferences are irrelevant. I believe Yann's approach is correct.
