You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/02/28 12:08:19 UTC
[Bug 60783] HttpProtocolOptions Directive' option Unsafe does not
allow legacy request formats
https://bz.apache.org/bugzilla/show_bug.cgi?id=60783
--- Comment #1 from Eric Covener <co...@gmail.com> ---
(In reply to reichl.pavel from comment #0)
> Hello,
>
> In 2.4.23 among others it was legal to use tabs as separator in request
> line, or to have SP or TAB between header name and colon. Neither of these
> works in 2.4.25 even with HttpProtocolOptions set to Unsafe.
>
> Docs say:
> ...
> Due to legacy modules, applications or custom user-agents which must be
> deprecated the Unsafe option has been added to revert to the legacy
> behaviors.
>
> So it would seem that we should get fully legacy behavior with this
> directive, or should not we?
>
No. It looks like the docs may have been reworded, but the design is not to
preserve all of the legacy parsing even under unsafe.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org