On Mon, Mar 05, 2018 at 11:11:08AM +0800, Haitao Lv wrote:
[...]
> > @@ -145,10 +152,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r,
> > ngx_buf_t *b)
> > case sw_start:
> > r->request_start = p;
> >
> > - if (ch == CR || ch == LF) {
> > - break;
> > - }
> > -
>
> I think Nginx should not allow any leading \r or \n. HTTP client should never
> send this chars
> before the request line. Support this feature makes the buffer management
> more harder.
https://tools.ietf.org/html/rfc2616#section-4.1
In the interest of robustness, servers SHOULD ignore any empty
line(s) received where a Request-Line is expected. In other words, if
the server is reading the protocol stream at the beginning of a
message and receives a CRLF first, it should ignore the CRLF.
https://tools.ietf.org/html/rfc7230#section-3.5
In the interest of robustness, a server that is expecting to receive
and parse a request-line SHOULD ignore at least one empty line (CRLF)
received prior to the request-line.
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
