Hello! On Thu, Jul 11, 2013 at 08:38:47AM +0900, Hiroaki Nakamura wrote:
> Hi, > > 2013/7/10 Maxim Dounin <mdou...@mdounin.ru>: > > Hello! > > > > On Wed, Jul 10, 2013 at 10:47:35PM +0900, Hiroaki Nakamura wrote: > > > >> Hi all, > >> > >> I found nginx rejects request methods with hyphens like > >> VERSION-CONTROL with the status code 400. > >> I got the following debug log: > >> > >> 2013/07/10 13:55:29 [info] 79048#0: *4 client sent invalid method > >> while reading client request line, client: 127.0.0.1, server: > >> localhost, request: "VERSION-CONTROL / HTTP/1.1" > >> 2013/07/10 13:55:29 [debug] 79048#0: *4 http finalize request: 400, "?" > >> a:1, c:1 > > > > Is it a method used by some real-world software? > > VERSION-CONTROL is defined in the Versioning Extensions to WebDAV spec. > http://www.webdav.org/specs/rfc3253.html The question still applies. [...] > > As of now nginx rejects anything which isn't uppercase latin > > letters (or underscore) as syntactically invalid (and hence 400). > > According to RFC2616, any CHAR except CTLs or separators is > syntactically valid. For sure. But it doesn't mean that (more strict) syntax rules as applied by nginx needs to be changed (unless there is a good reason). > > I don't think that current behaviour should be changed unless > > there are good reasons to. If there are good reasons, we probably > > should do something similar to underscores_in_headers, see > > http://nginx.org/r/underscores_in_headers. > > I would like to use limit_except to accept only HEAD, GET and POST methods, > and return 405 (Method Not Allowed) or 501 (Not Implemented) for the > other methods. > Is this a good reason? Doesn't looks like a good reason for me. -- Maxim Dounin http://nginx.org/en/donation.html _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
