User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 The continuation of header values across new lines (multi-line headers) violates the relevant RFCs. A continued header must start with a white space character. Correct example: WWW-Authenticate: Basic realm="foo" Digest realm="bar" What mozilla does: WWW-Authenticate: Basic realm="foo" Digest realm="bar" RFCs: http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 http://www.ietf.org/rfc/rfc0822.txt (Section 3.1.1) Reproducible: Always Steps to Reproduce: It's a simple fix, though. nsHttpHeaderArray.cpp::SetHeader http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpHeaderA\rray.cpp#32 change line 69 from: entry->value.Append('\n'); to: entry->value.Append("\n ");
Oh. So the merging of headers across lines currently only happens to headers we get from the server, so mozilla doesn't output anything wrong as a result. And, there is at least one place in the code (the SelectChallenge function in nsHttpChannel) that wouldn't work if there was an extra space after the newline. So don't make this change. However, if a request header was added to the merge across lines code there, it would generate the wrong thing. But since I can't imagine a scenario where that would be used, I'm marking this invalid.