Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: HTTP header validation
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Dan Fandrich via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 29 Jan 2024 13:34:32 -0800
On Mon, Jan 29, 2024 at 08:59:03PM +0000, Stephen Booth via curl-library wrote:
> I eventually tracked the problem down to the bearer token being passed
> having an extra newline inserted at the end. This was copied through to
> the http request (adding a blank line and making the server ignore any
> subsequent http headers breaking the upload).
This is a case of GIGO. The man page even warns against this:
curl makes sure that each header you add/replace is sent with the proper
end-of-line marker, you should thus not add that as a part of the header
content: do not add newlines or carriage returns, they only mess things up
for you. curl passes on the verbatim string you give it without any filter
or other safe guards. That includes white space and control characters.
Dan
Date: Mon, 29 Jan 2024 13:34:32 -0800
On Mon, Jan 29, 2024 at 08:59:03PM +0000, Stephen Booth via curl-library wrote:
> I eventually tracked the problem down to the bearer token being passed
> having an extra newline inserted at the end. This was copied through to
> the http request (adding a blank line and making the server ignore any
> subsequent http headers breaking the upload).
This is a case of GIGO. The man page even warns against this:
curl makes sure that each header you add/replace is sent with the proper
end-of-line marker, you should thus not add that as a part of the header
content: do not add newlines or carriage returns, they only mess things up
for you. curl passes on the verbatim string you give it without any filter
or other safe guards. That includes white space and control characters.
Dan
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-01-29