Hi, RFC7230 issued June 2014 obsoleting RFC2616 states that multi-line header fields are deprecated and servers can reject http request with a 400 error when they receive such headers. See excerpt below.
I discovered this, because I have now an issue with Jetty which complains about header folding, caused by the X-SSL-certificate header field. Searching for the issue on the internet I noticed, that other servers are also rejecting such kind of headers. It would be nice if pound could adjust its behaviour with regard to this header and send it as a single line, or if there would be at least a configuration item which allows the suppression of the X-SSL-certificate header, while still keeping all other X-SSL-* headers. Thank you very much, claudio 3.2.4. Field Parsing […] Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one space or horizontal tab (obs-fold). This specification deprecates such line folding except within the message/http media type (Section 8.3.1). A sender MUST NOT generate a message that includes line folding (i.e., that has any field-value that contains a match to the obs-fold rule) unless the message is intended for packaging within the message/http media type. A server that receives an obs-fold in a request message that is not within a message/http container MUST either reject the message by sending a 400 (Bad Request), preferably with a representation explaining that obsolete line folding is unacceptable, or replace each received obs-fold with one or more SP octets prior to interpreting the field value or forwarding the message downstream. Page 24/25 in https://tools.ietf.org/rfc/rfc7230.txt -- Claudio Nieder . mailto:[email protected] . http://inodes.ch/ iNodes AG . Loogartenstrasse 14 . CH-8048 Zürich . +41 43 960 0066 -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
