[
https://issues.apache.org/jira/browse/DISPATCH-1784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ken Giusti resolved DISPATCH-1784.
----------------------------------
Resolution: Fixed
> HTTP1.x adaptor does not handle folded header lines
> ---------------------------------------------------
>
> Key: DISPATCH-1784
> URL: https://issues.apache.org/jira/browse/DISPATCH-1784
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Protocol Adaptors
> Affects Versions: 1.15.0
> Reporter: Ken Giusti
> Assignee: Ken Giusti
> Priority: Blocker
> Labels: HTTP/1.x
> Fix For: 1.15.0
>
>
> The HTTP1/x codec does not recognize headers that are "folded" as described
> in RFC1945 (HTTP/1.0 - see below) and produces undefined behavior (garbled
> headers) if encountered in the input stream.
>
> The codec needs to handle folded headers gracefully. At minimum reject (400
> "Bad Request") requests, but ideally simply remove the folding as described
> below.
>
> From RFC1945:
>
> {quote}HTTP/1.0 headers may be folded onto multiple lines if each
> continuation line begins with a space or horizontal tab. All linear
> whitespace, including folding, has the same semantics as SP. LWS = [CRLF] 1*(
> SP | HT ) However, folding of header lines is not expected by some
> applications, and should not be generated by HTTP/1.0 applications.
> {quote}
>
> From RFC7230:
>
> {quote}Historically, HTTP header field values could be extended over multiple
> lines by preceding each extra line with at least one space or horizontal tab
> (obs-fold). This specification deprecates such line folding except within the
> message/http media type...
> {quote}
>
> {quote}A server that receives an obs-fold in a request message that is not
> within a message/http container MUST either reject the message by sending a
> 400 (Bad Request), preferably with a representation explaining that obsolete
> line folding is unacceptable, or replace each received obs-fold with one or
> more SP octets prior to interpreting the field value or forwarding the
> message downstream...
> {quote}
>
> {quote}A user agent that receives an obs-fold in a response message that is
> not within a message/http container MUST replace each received obs-fold with
> one or more SP octets prior to interpreting the field value.
> {quote}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
