Peter Van Biesen wrote:
> I've sent a patch doing the same some time ago, but it was not accepted
> so don't get your hopes up ;-).
The big problem is that the code is starting to be so lenient it is
getting silly.
If a bogus header comes along (ie a header without a ":" in it) it is
relatively safe and easy to throw it away and ignore that specific
header. AFAIK there is code in there that already does that, and if it
doesn't such a change should not be too hard to put in.
However, the blank line after the headers is the key indicator that the
headers are finished and the body is starting. If a server out there
"forgets" this blank line, there is no way we can reliably tell that the
headers have ended, which means we are probably going to be sending
garbage to the downstream browser as a result anyway.
The above two cases of brokenness are mutually exclusive. If a
non-header is encountered when a header is expected, we have the choice
of either assuming it's a header and ignoring it, or assuming the
headers are over and starting the body. We cannot do both at the same time.
What's more there is a feeling out there that it is Apache's
responsiblity to "fix" all the broken servers out there. I believe it is
not. It makes sense to be lenient in what we accept, but to accept any
old rubbish given to us is just wrong.
Hopefully this explains the reasons why some of the patches have not
been committed.
Regards,
Graham
--
-----------------------------------------
[EMAIL PROTECTED] "There's a moon
over Bourbon Street
tonight..."
