Re: CRLF requirement

On Mon, Jun 30, 2014 at 6:35 AM, Willy Tarreau <> wrote:
> Hi Anne,
> On Mon, Jun 30, 2014 at 01:23:50PM +0200, Anne van Kesteren wrote:
>> Why does still require CRLF while
>> most implementations handle either CR or LF fine? As far as I can tell
>> line parsing in HTTP is interoperable with text/plain, text/html,
>> text/css, etc. It's newline = CR / LF / CRLF.
> Please take a look at 3.5. "Message Parsing Robustness" :
>   "Although the line terminator for the start-line and header fields is
>    the sequence CRLF, a recipient MAY recognize a single LF as a line
>    terminator and ignore any preceding CR."

The text in RFC2616 was
> we recommend that applications, when parsing such headers, recognize a single LF as a line terminator and ignore **the** leading CR.

The change from [CR] LF to *CR LF is dangerous, IMO. Previously,
CRCRLF must be rejected, now, in rfc7230, it MAY be accepted as one
line break. (And then Anne wanted it to be accepted as two line

It's always troubling if different agents MAY interpret the same
message differently. We cannot add any more leniency to parsing. If
any new software generates anything but CRLF in 2014, it's just sloppy

Zhong Yu

Received on Tuesday, 1 July 2014 14:36:28 UTC