Changeset 2039

Timestamp:

08/12/12 07:45:40 (9 years ago)

Author:

fielding@…

Message:

Parsing obs-fold is necessary for backwards compat; addresses #409

File:

• draft-ietf-httpbis/latest/p1-messaging.xml (modified) (2 diffs)

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -1296 +1296 @@
    In the past, differences in the handling of such whitespace have led to
    security vulnerabilities in request routing and response handling.
-   Any received request message that contains whitespace between a header
-   field-name and colon &MUST; be rejected with a response code of 400
-   (Bad Request).  A proxy &MUST; remove any such whitespace from a response
-   message before forwarding the message downstream.
+   A server &MUST; reject any received request message that contains
+   whitespace between a header field-name and colon with a response code of
+   <x:ref>400 (Bad Request)</x:ref>. A proxy &MUST; remove any such whitespace
+   from a response message before forwarding the message downstream.
 </t>
 <t>
@@ -1315 +1315 @@
    folding except within the message/http media type
    (<xref target="internet.media.type.message.http"/>).
-   HTTP senders &MUST-NOT; generate messages that include line folding
+   Senders &MUST-NOT; generate messages that include line folding
    (i.e., that contain any field-value that matches the obs-fold rule) unless
    the message is intended for packaging within the message/http media type.
-   HTTP recipients &SHOULD; accept line folding and replace any embedded
+   Recipients &MUST; accept line folding and replace any embedded
    obs-fold whitespace with either a single SP or a matching number of SP
    octets (to avoid buffer copying) prior to interpreting the field value or