To me, that's what 400 Bad Request is for. It's an invalid request; it should not be processed further.
--tq On Thu, Jan 15, 2015 at 5:09 PM, Daira Hopwood <da...@jacaranda.org> wrote: > On 13/01/15 06:09, Nils Dagsson Moskopp wrote: > > Repeated header lines in HTTP are only allowed if they can be combined > > as a legitimate comma-separated list value. See RFC 7320, Section 3.2.2: > > > >> A sender MUST NOT generate multiple header fields with the same field > >> name in a message unless either the entire field value for that > >> header field is defined as a comma-separated list [i.e., #(values)] > >> or the header field is a well-known exception (as noted below). > > > > <https://tools.ietf.org/html/rfc7230#section-3.2.2> > > This isn't sufficient because it doesn't say how a parser should interpret > noncompliant repeated header fields; only that a sender must not generate > them. > > -- > Daira Hopwood ⚥ > > > _______________________________________________ > langsec-discuss mailing list > langsec-discuss@mail.langsec.org > https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss > >
_______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
