Closed Bug 632210 Opened 13 years ago Closed 8 years ago

Arbitrary junk prefixes are allowed before the HTTP status line

Categories

(Core :: Networking: HTTP, defect)

defect
Not set
minor

RESOLVED WONTFIX

People

(Reporter: briansmith, Unassigned)

Details

nsHttpTransaction allows arbitrary data to prefix the HTTP status line (e.g. "foo HTTP/1.1"). Historically, it has been relatively common for servers to (illegally) prefix the status line with whitespace. But I do not know whether we need to allow arbitrary (non-whitespace) prefixes.

If some kind of filtering proxy uses a more strict parser than us, then a website may be able to smuggle one or more responses past the proxy in such a way that the proxy interprets them as a single HTTP/0.9 response while we interpret them as one or more HTTP/1.0+ responses on a persistent/pipelined connection. I do not know if this is a problem in practice but it is something that should be investigated.
A lot of junk is contextually allowed.. sometimes it's whitespace, sometimes it's things like the body of a 304 (illegal, but common)..
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
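
The framing disagreement described in the report, as an added example that is not Mozilla's code or part of the original bug: two simplified readers (a strict one and a lenient one) are run over the same constructed byte stream, and a check reports any non-whitespace prefix and whether the readers count a different number of responses. The function names, the `max_junk` limit and the sample stream are assumptions made for illustration; neither reader reproduces nsHttpTransaction's actual logic.

```python
import re

# Status line of an HTTP/1.0 or HTTP/1.1 response.
STATUS_RE = re.compile(rb"HTTP/1\.[01] (\d{3})[^\r\n]*\r\n")

def lenient_parse(stream: bytes, max_junk: int = 1024):
    """Simplified lenient reader (max_junk is a hypothetical limit): skip junk
    before each status line, then frame the body with Content-Length."""
    responses, pos = [], 0
    while pos < len(stream):
        m = STATUS_RE.search(stream, pos)
        if not m or m.start() - pos > max_junk:
            break
        sep = stream.find(b"\r\n\r\n", m.end() - 2)
        if sep < 0:
            break  # header block never terminated
        body_start = sep + 4
        cl = re.search(rb"(?im)^content-length:\s*(\d+)", stream[m.end():body_start])
        # Without Content-Length the body runs to connection close.
        length = int(cl.group(1)) if cl else len(stream) - body_start
        responses.append(("1.x", int(m.group(1)), stream[body_start:body_start + length]))
        pos = body_start + length
    return responses

def strict_parse(stream: bytes):
    """Strict reader: the status line must start at byte 0; otherwise the whole
    stream is a single HTTP/0.9 response (body only, ends at connection close)."""
    if STATUS_RE.match(stream):
        return lenient_parse(stream, max_junk=0)
    return [("0.9", None, stream)]

def framing_finding(stream: bytes):
    """Defender's check: report bytes before the first status line and whether
    the two readers disagree on how many responses the stream holds."""
    m = STATUS_RE.search(stream)
    prefix = stream[:m.start()] if m else b""
    strict, lenient = strict_parse(stream), lenient_parse(stream)
    return {
        "prefix": prefix,
        "non_whitespace_prefix": bool(prefix.strip()),
        "strict_count": len(strict),
        "lenient_count": len(lenient),
        "disagree": len(strict) != len(lenient),
    }

# Constructed sample using the bug's "foo HTTP/1.1" prefix.
SAMPLE = (b"foo HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nfirst"
          b"HTTP/1.1 200 OK\r\nContent-Length: 6\r\n\r\nsecond")

if __name__ == "__main__":
    print(framing_finding(SAMPLE))
```

A whitespace-only prefix leaves `non_whitespace_prefix` false, which separates the historically common case from the arbitrary-prefix case the report asks about.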