You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Field values containing CR, LF, or NUL characters are invalid and dangerous, due to the varying ways that implementations might parse and interpret those characters; a recipient of CR, LF, or NUL within a field value MUST either reject the message or replace each of those characters with SP before further processing or forwarding of that message.
OkHttp(please see this) and many modern web frameworks (like Flask) reject Header values which contain such illegal characters.
However, the server headers folded headers test group adds rigidity by forcing clients to replace invalid characters with space.
According to the current internet standard (RFC 9110: HTTP Semantics),
"\r\n" is invalid
OkHttp
(please see this) and many modern web frameworks (like Flask) reject Header values which contain such illegal characters.However, the
server headers folded headers
test group adds rigidity by forcing clients to replace invalid characters with space.I (thanks to @brianquinlan) suggest adding a boolean flag
supportsFoldedHeaders
totestResponseHeaders()
which ultimately lets us skip the test: folded headersClients rejecting headers with illegal values can also be considered to be conformant to the HTTP Standard.
The text was updated successfully, but these errors were encountered: