bryancall edited a comment on pull request #6794: URL: https://github.com/apache/trafficserver/pull/6794#issuecomment-629333642
For reference, this is in the issue, but nice to have here too: https://tools.ietf.org/html/rfc7230#section-3.2.4 > No whitespace is allowed between the header field-name and colon. In > the past, differences in the handling of such whitespace have led to > security vulnerabilities in request routing and response handling. A > server MUST reject any received request message that contains > whitespace between a header field-name and colon with a response code > of 400 (Bad Request). A proxy MUST remove any such whitespace from a > response message before forwarding the message downstream. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
