http-parser icon indicating copy to clipboard operation
http-parser copied to clipboard

Published 20 hours ago verified publisher icon nodejs

Is this valid according to rfc2616?

Open vinniefalco opened this issue 8 years ago • 9 comments

My reading of rfc2616 is that both spaces and horizontal tabs are allowed as LWS in field values:

 LWS = [CRLF] 1*( SP | HT )

But in http_parser.c where there should be checks for both SP and HT I see only a check for SP: https://github.com/nodejs/http-parser/blob/master/http_parser.c#L1660

That means the following HTTP message is malformed:

GET / HTTP/1.1\r\n
Host: example.com:80\r\n
Connection: keep-alive\t\r\n
\r\n

Am I reading this correctly?

vinniefalco avatar Apr 25 '16 05:04 vinniefalco

Hm.. it really looks like we should support this. I think you are reading it correctly.

cc @mscdex and @jasnell just in case

indutny avatar Apr 25 '16 19:04 indutny

Yes, IIRC both characters should be allowed.

mscdex avatar Apr 25 '16 19:04 mscdex

For header field values only yes, tabs should be allowed albeit encountering them in the wild appears to be quite rare.

jasnell avatar Apr 25 '16 19:04 jasnell

Also FWIW rfc7230 obsoletes rfc2616.

mscdex avatar Apr 25 '16 19:04 mscdex

@mscdex yeah, I checked it first, and this thing was the same there too.

indutny avatar Apr 25 '16 19:04 indutny

Yes, this message is malformed since host: header is required for HTTP/1.1

socketpair avatar Jul 19 '16 19:07 socketpair

@socketpair Sorry, yes the header is missing but that's not the problem. Even re-adding the header makes the message malformed according to the parser. I will edit the post

vinniefalco avatar Jul 19 '16 20:07 vinniefalco

Also FWIW rfc7230 obsoletes rfc2616.

I too much prefer references to the updated document. However, the rules don't change regarding to optional whitespace (OWS in RFC7230) being allowed in field values.

I use this http parser in my project currently and I had to add more code to remove the ending whitespace from the field value before forwarding it to upper layers because this parser erroneously[1] include ending OWS as part of the field value. I agree about the project decision as it keeps the parser simpler and more performant. However I completely disagree about such poor documentation that doesn't warn users on how to properly use this parser. I'd point people to the implementation of my lib rather than this page itself because of the very very very poor documentation around it. I went just fine because of RFCs and a high load of unit tests. HTTP is the domain I'm implementing and I don't expect to get away not knowing the RFCs. However, for other users, the situation may be very different and they're using this parser exactly because they don't need to know the protocol details.

[1] "The field value does not include any leading or trailing whitespace: OWS occurring before the first non-whitespace octet of the field value or after the last non-whitespace octet of the field value ought to be excluded by parsers when extracting the field value from a header field.", section 3.2.4 of RFC7230

vinipsmaker avatar Jul 19 '16 23:07 vinipsmaker

The RFC7230 (section 3.2) ABNF rules for header fields:

header‑field   = field‑name ":" OWS field‑value OWS
OWS            = *( SP / HTAB )

vinipsmaker avatar Jul 19 '16 23:07 vinipsmaker