Closed DavZim closed 2 years ago
wild wild http =) Yes, seems not all http headers should be split on comma. Would be great if you could investigate.
Is there any RFC where this is clearly described? We can skip split headers by default as made in some other frameworks. Otherwise we should support whitelist of the header names.
I will have a look at it.
Do you know why the RestRserve::Request
is handled differently than the curl
request?
Not sure - need to see source code
A quick note on why the two (BackendRserve$new()...
vs Application$process_request
) handle the headers differently (for the moment I am looking at the way middleware handles the headers in process_request
) from what I understand at the moment:
cpp_parse_headers
around herecpp_parse_headers
function is called in BackendRserve hereThis makes it hard to test as I don't know of a way to test the library with BackendRserve, therefore the error is not possible to trigger in the test environment.
Regardless, I will work on making the cpp_parse_headers
code dependent on header names.
Don't remember, need to see the source code
On Thu, 14 Apr 2022, 17:21 DavZim, @.***> wrote:
I will have a look at it.
Do you know why the RestRserve::Request is handled differently than the curl request?
— Reply to this email directly, view it on GitHub https://github.com/rexyai/RestRserve/issues/187#issuecomment-1098916224, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABHC5XLDX33TTO4XZUFHMWTVE7PSZANCNFSM5TM67SPQ . You are receiving this because you commented.Message ID: @.***>
All header values are split on comma. This breaks for example the
If-Modified-Since
functionality of ETags as it uses the (ugly but sadly standard) "Tue, 15 Mar 2022 10:27:07 GMT" format.According to this not all headers should be split on comma.
This is not present when
RestRserve::Request
andapp$process_request(req)
is used for some reasons.Is this intended or a bug/not-yet-implemented-feature?
If confirmed, I am happy to help.
Replication
Replicate the issue with the following:
Now we can see the issue either by using
curl
:which results in
Note that providing the header as
"If-Modified-Since: \"Tue, 15 ...\""
does not change the outcome.or by using
httr
:which also results in