You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When FastHTTP receives a header value suffixed or prefixed with tabs, they should be stripped according to the RFCs. This is what nearly all other HTTP implementations do, including AIOHTTP, Apache httpd, Cheroot, Go net/http, H2O, HAProxy, Hyper, Hypercorn, Jetty, Libsoup, Lighttpd, Mongoose, Netty, Node.js, LiteSpeed, Passenger, Tomcat, Tornado, Twisted, Unicorn, Uvicorn, Waitress, and WEBrick.
Instead, FastHTTP allows the tabs to persist into the header value.
This can be confirmed by
running a FastHTTP server that echos header values (like this one),
sending it a request with a header value prefixed and suffixed with tabs, and extracting the echoed header value:
* Fix RequestHeader parser (#1808)
When FastHTTP receives a header value suffixed or prefixed with tabs, they should be stripped.
* Remove redundant code
* Add test for header parser including tabs (#1808)
When FastHTTP receives a header value suffixed or prefixed with tabs, they should be stripped according to the RFCs. This is what nearly all other HTTP implementations do, including AIOHTTP, Apache httpd, Cheroot, Go net/http, H2O, HAProxy, Hyper, Hypercorn, Jetty, Libsoup, Lighttpd, Mongoose, Netty, Node.js, LiteSpeed, Passenger, Tomcat, Tornado, Twisted, Unicorn, Uvicorn, Waitress, and WEBrick.
Instead, FastHTTP allows the tabs to persist into the header value.
This can be confirmed by
Notably, spaces are correctly stripped. Presumably, the patch should change this function to strip tabs in addition to spaces.
The text was updated successfully, but these errors were encountered: