headers icon indicating copy to clipboard operation
headers copied to clipboard
verified publisher icon hyperium

AccessControlAllowHeader's `iter()` might not behave properly

Open AlaricSenat opened this issue 6 years ago • 1 comments

According to CORS: Access-Control-Allow-Headers: "Access-Control-Allow-Headers" ":" #field-name You can find the definition of the construct #rule in the http1.1 rfc.

Then why calling iter() on such a header: "AccessControlAllowHeaders(",x-print") (note the comma) returns an empty iterator instead of something like "", "x-print" ?

This behavior was implemented by 026949abc09a4fe1cc7fa3fcbbb19ff7f6e42d9f but is not consistent with all the other header types having a #field-name as values (AccessControlExposeHeaders for instance).

AlaricSenat avatar Dec 19 '19 23:12 AlaricSenat

The 'Strange allowheaders (case insensitive)' case of https://github.com/web-platform-tests/wpt/blob/master/cors/request-headers.htm expects a leading comma to be accepted. I notice that the parser is fine with the consecutive commas in the middle; it's only the leading one that's causing problems.

pshaughn avatar Jan 14 '20 15:01 pshaughn