[Webkit-unassigned] [Bug 147445] Validation in isValidHTTPHeaderValue is too sensitive.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 30 09:01:33 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=147445
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #5 from Alexey Proskuryakov <ap at webkit.org> ---
A field value cannot have a leading space per RFC7230, because field-content production requires a field-vchar before any spaces. Furthermore, the space would be just ignored as part of optional whitespace before the value. In other words, "Content-Type: foo" is equivalent to "Content-Type: foo", so the extra spaces are just ignored.
Out of curiosity, what did the site achieve by setting Content-Type to space? This is not a valid MIME type either, so even if HTTP allowed that, it wouldn't have done anything meaningful I think.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150730/837ba2bb/attachment.html>
More information about the webkit-unassigned
mailing list