Closed Bug 205078 Opened 22 years ago Closed 22 years ago

multi-line (continued) headers is missing leading white space character

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: jabradford, Assigned: darin.moz)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 The continuation of header values across new lines (multi-line headers) violates the relevant RFCs. A continued header must start with a white space character. Correct example: WWW-Authenticate: Basic realm="foo" Digest realm="bar" What mozilla does: WWW-Authenticate: Basic realm="foo" Digest realm="bar" RFCs: http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 http://www.ietf.org/rfc/rfc0822.txt (Section 3.1.1) Reproducible: Always Steps to Reproduce: It's a simple fix, though. nsHttpHeaderArray.cpp::SetHeader http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpHeaderA\rray.cpp#32 change line 69 from: entry->value.Append('\n'); to: entry->value.Append("\n ");
Oh. So the merging of headers across lines currently only happens to headers we get from the server, so mozilla doesn't output anything wrong as a result. And, there is at least one place in the code (the SelectChallenge function in nsHttpChannel) that wouldn't work if there was an extra space after the newline. So don't make this change. However, if a request header was added to the merge across lines code there, it would generate the wrong thing. But since I can't imagine a scenario where that would be used, I'm marking this invalid.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.