Re: line folding - ABNF vs prose from Willy Tarreau on 2011-07-27 (ietf-http-wg@w3.org from July to September 2011)

From: Willy Tarreau <w@1wt.eu>
Date: Wed, 27 Jul 2011 17:42:02 +0200
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20110727154202.GB7579@1wt.eu>

On Wed, Jul 27, 2011 at 08:20:58AM -0700, Roy T. Fielding wrote:
> On Jul 27, 2011, at 7:59 AM, Willy Tarreau wrote:
> 
> > On Wed, Jul 27, 2011 at 04:19:16PM +0200, Julian Reschke wrote:
> >> On 2011-07-27 16:07, Willy Tarreau wrote:
> >>> Replacing with a single SP is harder than replacing with any number of
> >>> spaces. For instance, haproxy replaces the CRLF with a comma followed
> >>> by a space so that the line is folded without moving a memory block,
> >>> and it works quite well.
> >>> 
> >>> Maybe the intention was to replace with a single SP but the result is
> >>> still valid with multiple spaces, so maybe we should explicitly allow
> >>> them ? Anyway good catch on this impact on the ABNF !
> >>> ...
> >> 
> >> That might be ok betweek words (tokens/quoted-strings), but might be a 
> >> problem inside quoted-string...
> > 
> > But I thought we were only allowed to fold lines for headers which are
> > defined as comma-separated lists, and to add a comma. So by definition
> > we should not do that on a header that is not a list, and since a header
> > which is not a list must not appear multiple times, this should not be
> > a problem.
> 
> No, (un)folding long field values has nothing to do with combining multiple
> header fields of the same name into a single value.
> 
> In any case, I don't think we should worry about extra spaces breaking a
> quoted string that has been folded on whitespace.  HTTP does not have
> semantically meaningful long quoted strings and normal clients do not
> perform any folding (only test or evil clients).  What is important is
> that recipients do not treat a folded line as an empty line indicating
> the end of headers.

... or don't consider that a line beginning with a space followed by some
text and a colon is a header whose name starts with spaces. I've already
seen this :

  GET / HTTP/1.1
  Host: localhost
  Cookie: foo1="a:b", foo2="c:d",
    foo3="e:f", foo4="g:h"
  Connection: close

And the server considered that the string <  foo3=e"> was the name of a
header, with <f"> the first value, and <foo4="g:h"> the second value.
Unfortunately I don't remember which server it was.

> ....Roy

Willy

Received on Wednesday, 27 July 2011 15:42:41 UTC