multi-line (continued) headers is missing leading white space character

RESOLVED INVALID

Status

Core
Networking: HTTP

People

(Reporter: Justin Bradford, Assigned: Darin Fisher)

Tracking

Trunk

Description

15 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312

The continuation of header values across new lines (multi-line headers) violates
the relevant RFCs. A continued header must start with a white space character.

Correct example:
WWW-Authenticate: Basic realm="foo"
 Digest realm="bar"

What mozilla does:
WWW-Authenticate: Basic realm="foo"
Digest realm="bar"

RFCs:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
http://www.ietf.org/rfc/rfc0822.txt (Section 3.1.1)

Reproducible: Always

Steps to Reproduce:




It's a simple fix, though.

nsHttpHeaderArray.cpp::SetHeader
http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpHeaderArray.cpp#32

change line 69 from:
 entry->value.Append('\n');
to:
 entry->value.Append("\n ");
(Reporter)

Comment 1

15 years ago
Oh. So the merging of headers across lines currently only happens to headers we
get from the server, so mozilla doesn't output anything wrong as a result. And,
there is at least one place in the code (the SelectChallenge function in
nsHttpChannel) that wouldn't work if there was an extra space after the newline.
So don't make this change.

However, if a request header was added to the merge across lines code there, it
would generate the wrong thing. But since I can't imagine a scenario where that
would be used, I'm marking this invalid.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID
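
The continuation rule from RFC 2616 section 4.2 that the report cites, as an added example that is not Mozilla code and not part of the original bug: a strict parser that unfolds a line starting with SP or HT into the previous header's value and rejects a line that is neither a continuation nor "name: value". The names HeaderList, parse_headers and is_well_formed are hypothetical, and the sample inputs are constructed from the two examples in the description.

```cpp
// Added example, not Mozilla code: unfold continued header lines per RFC 2616 sec. 4.2.
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

using HeaderList = std::vector<std::pair<std::string, std::string>>;  // hypothetical type

// Strip leading and trailing SP, HT and CR.
static std::string trim(const std::string& s) {
    const char* ws = " \t\r";
    size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    size_t e = s.find_last_not_of(ws);
    return s.substr(b, e - b + 1);
}

// Parse an LF- or CRLF-separated header block; throws on a line that is neither form.
HeaderList parse_headers(const std::string& block) {
    HeaderList out;
    size_t pos = 0;
    while (pos < block.size()) {
        size_t nl = block.find('\n', pos);
        if (nl == std::string::npos) nl = block.size();
        std::string line = block.substr(pos, nl - pos);
        pos = nl + 1;
        if (trim(line).empty()) break;  // blank line ends the header block
        if (line[0] == ' ' || line[0] == '\t') {  // continuation of the previous header
            if (out.empty()) throw std::invalid_argument("continuation before any header");
            out.back().second += " " + trim(line);  // folded whitespace becomes one SP
            continue;
        }
        size_t colon = line.find(':');
        if (colon == std::string::npos || colon == 0)
            throw std::invalid_argument("not a header and not a continuation: " + line);
        out.emplace_back(line.substr(0, colon), trim(line.substr(colon + 1)));
    }
    return out;
}

bool is_well_formed(const std::string& block) {
    try { parse_headers(block); return true; }
    catch (const std::invalid_argument&) { return false; }
}

int main() {  // constructed samples: the report's indented and unindented forms
    bool folded = is_well_formed("WWW-Authenticate: Basic realm=\"foo\"\n Digest realm=\"bar\"\n");
    bool bare = is_well_formed("WWW-Authenticate: Basic realm=\"foo\"\nDigest realm=\"bar\"\n");
    return (folded && !bare) ? 0 : 1;
}
```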