On Wed, Jan 4, 2017 at 7:21 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > On Wed, Jan 4, 2017 at 6:57 AM, Yann Ylavic <ylavic....@gmail.com> wrote: >> I'm using a (third-party/closed) module which replaces newlines in >> header values (like base64 encoded PEMs) with obs-fold. > > If we accept obs-fold from CGI, or internally within the > headers_out, we must > replace them with a single SP and conform to the spec on the wire.
What about either an optional filter, or simply plug in a module that only implements a fixup hook, which can be configured on potentially offending requests to scan and correct the headers_out members? Such a module could also do something to work around other CTLs, and invalid header token names, to avoid 500 error conditions and attempt to still forward some response.