[jira] [Created] (DISPATCH-1784) HTTP1.x adaptor does not handle folded header lines

Thu, 01 Oct 2020 08:07:59 -0700 

Ken Giusti created DISPATCH-1784:
------------------------------------

             Summary: HTTP1.x adaptor does not handle folded header lines
                 Key: DISPATCH-1784
                 URL: https://issues.apache.org/jira/browse/DISPATCH-1784
             Project: Qpid Dispatch
          Issue Type: Bug
          Components: Protocol Adaptors
    Affects Versions: 1.15.0
            Reporter: Ken Giusti
            Assignee: Ken Giusti
             Fix For: Backlog


The HTTP1/x codec does not recognize headers that are "folded" as described in 
RFC1945 (HTTP/1.0 - see below) and produces undefined behavior (garbled 
headers) if encountered in the input stream.

 

The codec needs to handle folded headers gracefully.  At minimum reject (400 
"Bad Request") requests, but ideally simply remove the folding as described 
below.

 

>From RFC1945:

 
{quote}HTTP/1.0 headers may be folded onto multiple lines if each continuation 
line begins with a space or horizontal tab. All linear whitespace, including 
folding, has the same semantics as SP. LWS = [CRLF] 1*( SP | HT ) However, 
folding of header lines is not expected by some applications, and should not be 
generated by HTTP/1.0 applications.
{quote}
 

>From RFC7230:

 
{quote}Historically, HTTP header field values could be extended over multiple 
lines by preceding each extra line with at least one space or horizontal tab 
(obs-fold). This specification deprecates such line folding except within the 
message/http media type...
{quote}
 
{quote}A server that receives an obs-fold in a request message that is not 
within a message/http container MUST either reject the message by sending a 400 
(Bad Request), preferably with a representation explaining that obsolete line 
folding is unacceptable, or replace each received obs-fold with one or more SP 
octets prior to interpreting the field value or forwarding the message 
downstream...
{quote}
 
{quote}A user agent that receives an obs-fold in a response message that is not 
within a message/http container MUST replace each received obs-fold with one or 
more SP octets prior to interpreting the field value.
{quote}
 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to