<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Validation in isValidHTTPHeaderValue is too sensitive."
href="https://bugs.webkit.org/show_bug.cgi?id=147445#c1">Comment # 1</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Validation in isValidHTTPHeaderValue is too sensitive."
href="https://bugs.webkit.org/show_bug.cgi?id=147445">bug 147445</a>
from <span class="vcard"><a class="email" href="mailto:youennf@gmail.com" title="youenn fablet <youennf@gmail.com>"> <span class="fn">youenn fablet</span></a>
</span></b>
<pre>(In reply to <a href="show_bug.cgi?id=147445#c0">comment #0</a>)
<span class="quote">> The changes for <a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - Tighten XMLHttpRequest setRequestHeader value check"
href="show_bug.cgi?id=128593">Bug 128593</a> were made to make the validation of the HTTP
> header tighter as per suggestions RFC 7230.
> Looking at the changes made, extra validation has been implement namely
> classing a single SPACE character as invalid.
> RFC 7230 doesn't not specify that this is an invalid value.</span >
Looking at <a href="https://tools.ietf.org/html/rfc2616#section-4.2">https://tools.ietf.org/html/rfc2616#section-4.2</a>, it seems RFC 2616 is fine with a " " header value.
Looking at <a href="https://tools.ietf.org/html/rfc7230#section-3.2">https://tools.ietf.org/html/rfc7230#section-3.2</a>, field-value is expected to start with a character, not a whitespace.
That said, IIRC, XHR spec is referencing RFC 2616.
Do you know what other browsers are doing?
<span class="quote">> I am reporting this since we utilites the ablility to set the "Content-Type"
> to a space character and these changes have broken our site.</span >
Has CT: " " a special meaning for that server?
What about using application/octet-stream instead?</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>