- 2012-12-07 23:45:40 (2 years ago)
- 1 edited
r2038 r2039 1296 1296 In the past, differences in the handling of such whitespace have led to 1297 1297 security vulnerabilities in request routing and response handling. 1298 A ny received request message that contains whitespace between a header 1299 field-name and colon &MUST; be rejected with a response code of 400 1300 (Bad Request). A proxy &MUST; remove any such whitespace from a response 1301 message before forwarding the message downstream. 1298 A 1299 1300 e 1301 message before forwarding the message downstream. 1302 1302 </t> 1303 1303 <t> … … 1315 1315 folding except within the message/http media type 1316 1316 (<xref target="internet.media.type.message.http"/>). 1317 HTTP senders &MUST-NOT; generate messages that include line folding 1317 enders &MUST-NOT; generate messages that include line folding 1318 1318 (i.e., that contain any field-value that matches the obs-fold rule) unless 1319 1319 the message is intended for packaging within the message/http media type. 1320 HTTP recipients &SHOULD; accept line folding and replace any embedded 1320 ; accept line folding and replace any embedded 1321 1321 obs-fold whitespace with either a single SP or a matching number of SP 1322 1322 octets (to avoid buffer copying) prior to interpreting the field value or
Note: See TracChangeset for help on using the changeset viewer.