Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Newlines / Carriage in header values violate HTTP header spec. Will break HTTP/2 #565

Open
jimhooker2002 opened this issue Nov 14, 2024 · 0 comments

Comments

@jimhooker2002
Copy link

With headers such as CSP, they tend to be long and hence people naturally break them over multiple lines in config. That then breaks the service as headers with newline/carriage return violate HTTP spec. Seems especially troublesome in HTTP/2.

Attached patch will sanitize the headers and remove the offending characters.

patchfile.txt

(Sorry about the patchfile, didn't have permissions to create a branch and PR etc. The fix is very simple however.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant