Description
The HTTP RFC ABNF states that spaces and tabs on either side of header values are not to be considered part of the header value.
When protocol-http1 receives a request with spaces or tabs on the right side of a header value, it does not strip that whitespace.
This is in contrast to the behavior of nearly all other popular HTTP implementations.
Reproduction Steps
- Run a protocol-http1 web server that echoes back received header values, like this one.
- Send it a request with a header containing whitespace, and observe the response:
printf 'GET / HTTP/1.1\r\nHost: a \r\n\r\n' \
| timeout 1 ncat localhost 80 \
| grep '"headers"' \
| jq .headers[0][1] \
| xargs echo \
| base64 -d \
| od -tcx1The trailing space (0x20) persists in the parsed header value.
Description
The HTTP RFC ABNF states that spaces and tabs on either side of header values are not to be considered part of the header value.
When protocol-http1 receives a request with spaces or tabs on the right side of a header value, it does not strip that whitespace.
This is in contrast to the behavior of nearly all other popular HTTP implementations.
Reproduction Steps
The trailing space (0x20) persists in the parsed header value.