Breaking a header over multiple lines is every HTTP-server God's given right (and by God I mean the folks who wrote HTTP, most of which actually consider themselves at that level). Anything that is sent over an HTTP header can be broken into multiple lines, and I don't think you can forbid it for any specific header (since the parser processes the header before taking a look at each headers' label).
If your HTTP client is broken in such a stupid way, I suggest you use something else. But not being able to handle headers over multiple lines is pretty bad. EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Blaine Cook > Sent: Monday, February 23, 2009 4:39 AM > To: [email protected] > Subject: [oauth] Re: auth header being truncated when return characters > are used? > > > Ahh, ok - fair enough. Even if it's allowed by the HTTP spec, I would > be weary of spreading a header across multiple lines. ;-) RFC 2617 > doesn't explicitly allow newlines, and as such there's a good chance > that web servers or clients with special handling of Authorization > headers will trip up, so I think we should try to be conservative as > far as OAuth is concerned. > > b. > > On Mon, Feb 23, 2009 at 9:30 AM, Marc Worrell <[email protected]> wrote: > > > > On 23 feb 2009, at 10:10, Blaine Cook wrote: > > > > Thanks! Just to clarify in case others encounter this problem, the > > > > Authorization header is intended to be on a single line, and does not > > > > include newlines or carriage returns. > > > > > > Hi Blaine, > > > > Why do you say that it is intended to be on one line? > > The HTTP/1.1 spec states very clearly that any header can be folded > onto > > multiple lines. > > Just wondering :-) > > > > - Marc > > > > > > http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 > > > > HTTP/1.1 header field values can be folded onto multiple lines if the > > continuation line begins with a space or horizontal tab. All linear > white > > space, including folding, has the same semantics as SP. A recipient > MAY > > replace any linear white space with a single SP before interpreting > the > > field value or forwarding the message downstream. > > > > LWS = [CRLF] 1*( SP | HT ) > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
