Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Disable verify_header in 7.84.0
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-users <curl-users_at_lists.haxx.se>
Date: Sun, 5 Feb 2023 23:53:39 +0100 (CET)
On Fri, 3 Feb 2023, bhavesh soni via curl-users wrote:
> Curl has introduced verify_headers() in 7.83.0/7.84.0. <http://7.84.0.0/>
> This basically is invalidating the partial response
Please elaborate. This function was added to make curl validate HTTP headers
slighly more strict than before and instead of just silently accept almost
whatever violation you could throw at it.
If your server sends a header this function doesn't think is okay, can you
please clarify and explain why you think this function is wrong?
If this function is not wrong, then I would like to learn why we should change
it.
> Is there any way in the latest curl to disable this method via config or
> something like that?
No. You are the first person to mention a problem with this.
> If not, If I mask up the method, what are the impact areas I need to take
> care of in the code when I rebuild?
You allow non-HTTP compliant headers through. The full impact of that is hard
to assess, which is also part of the reason why we added that function a while
back.
Date: Sun, 5 Feb 2023 23:53:39 +0100 (CET)
On Fri, 3 Feb 2023, bhavesh soni via curl-users wrote:
> Curl has introduced verify_headers() in 7.83.0/7.84.0. <http://7.84.0.0/>
> This basically is invalidating the partial response
Please elaborate. This function was added to make curl validate HTTP headers
slighly more strict than before and instead of just silently accept almost
whatever violation you could throw at it.
If your server sends a header this function doesn't think is okay, can you
please clarify and explain why you think this function is wrong?
If this function is not wrong, then I would like to learn why we should change
it.
> Is there any way in the latest curl to disable this method via config or
> something like that?
No. You are the first person to mention a problem with this.
> If not, If I mask up the method, what are the impact areas I need to take
> care of in the code when I rebuild?
You allow non-HTTP compliant headers through. The full impact of that is hard
to assess, which is also part of the reason why we added that function a while
back.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-02-05