WiseTechGlobal / WTG.Analyzers

Analyzers from WiseTech Global to enforce our styles, behaviours, and prevent common mistakes.

Add analyzer to forbid setting custom HTTP ReasonPhrase values #128

Closed yaakov-h closed 3 years ago

yaakov-h commented 3 years ago

The HTTP ReasonPhrase value is a standard human-readable field that accompanies the status code with a reason for it, e.g.

HTTP/1.1 200 OK

or

HTTP/1.1 405 Method Not Allowed

This can be customised by the server, e.g.:

HTTP/1.1 200 I'm A Little Teapot Short And Stout

Unfortunately there is no guarantee in HTTP/1.0 and HTTP/1.1 that intermediate proxy servers will preserve these customised values all the way between the server and client.

Furthermore, in HTTP/2, the ReasonPhrase field has been dropped entirely, leaving only the status code: https://github.com/http2/http2-spec/issues/202

As a part of WI00294611, this PR adds a new analyzer to detect when people set a custom value on HttpResponseMessage (for ASP.NET Web API / Web API 2) or IHttpResponseFeature (for ASP.NET Core), draw their attention to the problem, and stop them from doing so at compile-time, well before it has an opportunity to slip through code review.
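
The check described above can be written as a Roslyn operation analyzer. This sketch is an added example, not the code from this PR or from WTG.Analyzers. The class name, diagnostic ID and message wording are hypothetical, and it matches only assignments to `ReasonPhrase` as declared on the two types named above.

```csharp
using System.Collections.Immutable;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.CodeAnalysis.Operations;

[DiagnosticAnalyzer(LanguageNames.CSharp)]
public sealed class ReasonPhraseAssignmentAnalyzer : DiagnosticAnalyzer
{
    // Hypothetical ID and wording, chosen for this example only.
    static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor(
        id: "EXAMPLE0001",
        title: "Do not set a custom HTTP ReasonPhrase",
        messageFormat: "ReasonPhrase set on '{0}' may be rewritten by proxies and does not exist in HTTP/2",
        category: "Reliability",
        defaultSeverity: DiagnosticSeverity.Error, // fail the build, as the PR intends
        isEnabledByDefault: true);

    public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics
        => ImmutableArray.Create(Rule);

    public override void Initialize(AnalysisContext context)
    {
        context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
        context.EnableConcurrentExecution();
        context.RegisterCompilationStartAction(start =>
        {
            // Either type may be missing from the compilation; null entries never match.
            var targets = new[]
            {
                start.Compilation.GetTypeByMetadataName("System.Net.Http.HttpResponseMessage"),
                start.Compilation.GetTypeByMetadataName("Microsoft.AspNetCore.Http.Features.IHttpResponseFeature"),
            };

            // Covers both `response.ReasonPhrase = "..."` and object initializers.
            start.RegisterOperationAction(ctx =>
            {
                var assignment = (ISimpleAssignmentOperation)ctx.Operation;
                if (assignment.Target is IPropertyReferenceOperation reference
                    && reference.Property.Name == "ReasonPhrase"
                    && targets.Any(t => SymbolEqualityComparer.Default.Equals(t, reference.Property.ContainingType)))
                {
                    ctx.ReportDiagnostic(Diagnostic.Create(
                        Rule, assignment.Syntax.GetLocation(), reference.Property.ContainingType.Name));
                }
            }, OperationKind.SimpleAssignment);
        });
    }
}
```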