W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Translating CR LF to HTTP/1 headers

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 03 Sep 2013 17:47:10 +0200
Message-ID: <5226047E.9060409@gmx.de>
To: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 2013-09-03 17:31, Tatsuhiro Tsujikawa wrote:
> In http://http2.github.io/http2-spec/#rfc.section.10.3
>
> """
> An intermediary that performs translation into HTTP/1.1 cannot
> alter the semantics of requests or responses. In particular,
> header field names or values that contain characters not
> permitted by HTTP/1.1, including carriage return (U+10) or line
> feed (U+13) MUST NOT be translated verbatim.
> """
>
> So if U+10 and/or U+13 are included in HTTP/2 headers, what
> should intermediary do to translate them into HTTP/1?  Just
> remove them or replace them with safe characters? The meaning of
> the headers may change with these changes, especially if those
> characters are permitted in HTTP/2 headers.  Returning 5xx
> response may be an option. But there is very interesting
> situation. If all machines in the path are HTTP/2, then the
> request succeeds, but if one of them is HTTP/1 then request
> fails.

CR and LF *are* allowed in HTTP/1.1 field *values* (not names), as per 
the OBS-FOLD ABNF production. 
(<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-23.html#header.fields>)

Best regards, Julian
Received on Tuesday, 3 September 2013 15:47:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:15 UTC