Skip to content

Inconsistent header RFCs  #33522

New issue
New issue
Closed
#34441
Closed
Inconsistent header RFCs #33522
#34441
Assignees
wtgodbe
Labels
HTTP2HTTP3area-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractionsfeature-kestrel
Milestone
6.0-rc1
@Tratcher

Description

@Tratcher
Tratcher
opened on Jun 14, 2021

Kestrel HTTP/1.x is strict about spec new line (CRLF) parsing restrictions. However it does not consistently enforce the same restrictions when decoding HTTP/2 (and HTTP/3) headers. IIS HTTP/2 rejects control characters (except for tab) and kestrel should do the same.

https://datatracker.ietf.org/doc/html/rfc7230#section-3.2
https://datatracker.ietf.org/doc/html/rfc7540#section-10.3

Metadata

Metadata

Assignees

Labels

HTTP2HTTP3area-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractionsfeature-kestrel

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions