curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: HTTP header validation

From: Dan Fandrich via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 29 Jan 2024 13:34:32 -0800

On Mon, Jan 29, 2024 at 08:59:03PM +0000, Stephen Booth via curl-library wrote:
> I eventually tracked the problem down to the bearer token being passed
> having an extra newline inserted at the end. This was copied through to
> the http request (adding a blank line and making the server ignore any
> subsequent http headers breaking the upload).

This is a case of GIGO. The man page even warns against this:

    curl makes sure that each header you add/replace is sent with the proper
    end-of-line marker, you should thus not add that as a part of the header
    content: do not add newlines or carriage returns, they only mess things up
    for you. curl passes on the verbatim string you give it without any filter
    or other safe guards. That includes white space and control characters.

Dan
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2024-01-29