You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ken Giusti (Jira)" <ji...@apache.org> on 2020/10/01 15:08:00 UTC

[jira] [Updated] (DISPATCH-1784) HTTP1.x adaptor does not handle folded header lines

     [ https://issues.apache.org/jira/browse/DISPATCH-1784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ken Giusti updated DISPATCH-1784:
---------------------------------
    Labels: HTTP/1.x  (was: )

> HTTP1.x adaptor does not handle folded header lines
> ---------------------------------------------------
>
>                 Key: DISPATCH-1784
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1784
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Protocol Adaptors
>    Affects Versions: 1.15.0
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>            Priority: Major
>              Labels: HTTP/1.x
>             Fix For: Backlog
>
>
> The HTTP1/x codec does not recognize headers that are "folded" as described in RFC1945 (HTTP/1.0 - see below) and produces undefined behavior (garbled headers) if encountered in the input stream.
>  
> The codec needs to handle folded headers gracefully.  At minimum reject (400 "Bad Request") requests, but ideally simply remove the folding as described below.
>  
> From RFC1945:
>  
> {quote}HTTP/1.0 headers may be folded onto multiple lines if each continuation line begins with a space or horizontal tab. All linear whitespace, including folding, has the same semantics as SP. LWS = [CRLF] 1*( SP | HT ) However, folding of header lines is not expected by some applications, and should not be generated by HTTP/1.0 applications.
> {quote}
>  
> From RFC7230:
>  
> {quote}Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one space or horizontal tab (obs-fold). This specification deprecates such line folding except within the message/http media type...
> {quote}
>  
> {quote}A server that receives an obs-fold in a request message that is not within a message/http container MUST either reject the message by sending a 400 (Bad Request), preferably with a representation explaining that obsolete line folding is unacceptable, or replace each received obs-fold with one or more SP octets prior to interpreting the field value or forwarding the message downstream...
> {quote}
>  
> {quote}A user agent that receives an obs-fold in a response message that is not within a message/http container MUST replace each received obs-fold with one or more SP octets prior to interpreting the field value.
> {quote}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org