You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2020/05/15 07:10:38 UTC

[GitHub] [trafficserver] garfieldonly opened a new issue #6793: According to RFC7230:3.2.4,whitespace in repsonse header fieldname should be removed,not just return parse error

garfieldonly opened a new issue #6793:
URL: https://github.com/apache/trafficserver/issues/6793


   In the commit below
   https://github.com/apache/trafficserver/commit/08512deb11a610ae7084ce678b19bd637e30b3e1
   
   we treat it as parse error while we found white space between field name and colon.
   It's right when we found ws in request.
   However,we should remove white space when we found it in response.
   
   `No whitespace is allowed between the header field-name and colon.  In
      the past, differences in the handling of such whitespace have led to
      security vulnerabilities in request routing and response handling.  A
      server MUST reject any received request message that contains
      whitespace between a header field-name and colon with a response code
      of 400 (Bad Request).  A proxy MUST remove any such whitespace from a
      response message before forwarding the message downstream.`
   
   @oknet @bryancall 
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] oknet closed issue #6793: According to RFC7230:3.2.4,whitespace in repsonse header fieldname should be removed,not just return parse error

Posted by GitBox <gi...@apache.org>.

oknet closed issue #6793:
URL: https://github.com/apache/trafficserver/issues/6793


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] oknet commented on issue #6793: According to RFC7230:3.2.4,whitespace in repsonse header fieldname should be removed,not just return parse error

Posted by GitBox <gi...@apache.org>.

oknet commented on issue #6793:
URL: https://github.com/apache/trafficserver/issues/6793#issuecomment-629151295


   Link to #3192


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org