kenballus commented on issue #12195: URL: https://github.com/apache/trafficserver/issues/12195#issuecomment-3487512190
> Hi, > > I’ve noticed that Apache Traffic Server (tested on v10.2.0) forwards request headers containing extra carriage returns (\r) exactly as received, instead of normalizing them. > > Example: Sending this request: > > GET / HTTP/1.1\r\n Host: echo\r\n Extra-CRs: \r\r\r\r\n \r\n > > results in ATS forwarding: > > GET / HTTP/1.1\r\n Host: echo\r\n Extra-CRs: \r\r\r\r\n Client-ip: 172.18.0.1\r\n X-Forwarded-For: 172.18.0.1\r\n Via: http/1.1 traffic_server[a24326f7-ff3b-4679-9801-53028b257033] (ApacheTrafficServer/10.2.0)\r\n \r\n > > The interesting bit is that the extra carriage returns are preserved — unless there are 4 or more, in which case ATS normalizes them away. > > I wanted to report this because it could have implications for header parsing, normalization, or downstream server behavior. > > If this isn’t intended behavior, I’d be happy to investigate and submit a patch or test case. Could you please confirm if this is reproducible on your end and whether it should be addressed? Isn't this just exactly what I said in April? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
