On Fri, Oct 14, 2016 at 3:48 PM, <[email protected]> wrote:
> Author: wrowe
> Date: Fri Oct 14 20:48:43 2016
> New Revision: 1764961
>
> URL: http://svn.apache.org/viewvc?rev=1764961&view=rev
> Log:
> [...]
> Apply HttpProtocolOptions Strict to chunk header parsing, invalid
> whitespace is invalid, line termination must follow CRLF convention.
>
> [...]
> static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
> [...]
> - else if (c == ' ' || c == '\t') {
> + else if (!strict && (c == ' ' || c == '\t')) {
> /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3).
> */
> ctx->state = BODY_CHUNK_CR;
>
I'm not sure where this myth came from...
https://tools.ietf.org/html/rfc7230#section-4.1
has *NO* provision for BWS in the chunk size.
