search

aspnet / AspNetWebStack

ASP.NET MVC 5.x, Web API 2.x, and Web Pages 3.x (not ASP.NET Core)
Other
858 stars 354 forks source link

[HttpMessageContent] Invalid Server header when multiple values are present #411

Closed manandre closed 1 year ago

manandre commented 1 year ago

When serializing the Server header, the comma , separator is used while the RFC 9110 states that the space ` seaprator should be used, like for theUser-Agent` header. It is also correctly stated and implemented in .NET runtime

How to reproduce the issue

using System.Net;

var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.OK);
httpResponseMessage.Headers.Add("Server", new[] {"My", "Gateway"});
var message = new HttpMessageContent(httpResponseMessage);
var messageString = await message.ReadAsStringAsync();
Console.WriteLine(messageString);

Obtained result

HTTP/1.1 200 OK
Server: My, Gateway

Expected result

HTTP/1.1 200 OK
Server: My Gateway

Fix proposal

Add the Server header to the existing list of _spaceSeparatedValueHeaderFields https://github.com/aspnet/AspNetWebStack/blob/1231b77d79956152831b75ad7f094f844251b97f/src/System.Net.Http.Formatting/HttpMessageContent.cs#L45-L49

mkArtakMSFT commented 1 year ago

Thanks for contacting us. We're not making any improvements in this area any more as this project is in maintenance mode. Only critical blocking issue with wide impact and security issues are considered.