Are HTTP headers space/case/order sensitive?

Let's assume I have these headers:

Strict-Transport-Security: max-age=<expire-time>
Strict-Transport-Security: max-age=<expire-time>; includeSubDomains
Strict-Transport-Security: max-age=<expire-time>; preload

To write a regular expression, I need to know:

  1. Are headers space-sensitive? For example, max-age=<expire-time> vs. Max-age=<expire-time>
  2. Are they case-sensitive? For example, max-age= <expire-time> vs. Max-age=<expire-time>
  3. Are they order-sensitive? For example, max-age=<expire-time>; preload vs. preload; max-age=<expire-time>;

The source for answering this kind of question is the standards: that is what standards are for. Quoting from RFC 7230 section 3.2:

Each header field consists of a case-insensitive field name followed by a colon (":"), optional leading whitespace, the field value, and optional trailing whitespace.

As for the field value, it depends on the actual header. For example, the value in Set-Cookie is case-sensitive. For Strict-Transport-Security you have to look at the relevant standard. RFC 6797 says in section 6.1:

  1. The order of appearance of directives is not significant.
    ...
  2. Directive names are case-insensitive.

You should read the relevant RFC specifications.

In general, HTTP header names are case-insensitive and should not contain white space. HTTP/2 goes further and states that HTTP header names should be lower case, and white space there also causes errors.

HTTP header values can be case-sensitive, depending on the header. For the Strict-Transport-Security header, your questions are covered in that RFC, specifically:

It is based on the Generic Grammar defined in Section 2 of [RFC2616] (which includes a notion of "implied linear whitespace", also known as "implied *LWS").

This basically means that white space is not important.

The HSTS RFC then goes on to say:

  1. The order of appearance of directives is not significant.

...

  1. Directive names are case-insensitive.
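
The rules quoted in the answers above, applied in a small Python parser instead of a single regular expression. This is an added example, not part of the question or either answer: the name parse_hsts, the returned dictionary keys and the sample header lines are assumptions made here, and quoted-string handling is simplified.

```python
import re

# HTTP "token" characters; quoted-string is simplified here (no backslash escapes).
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
DIRECTIVE = re.compile(rf'({TOKEN})(?:\s*=\s*(?:"([^"\\]*)"|({TOKEN})))?')

def parse_hsts(header_line):
    """Return the HSTS policy in a raw 'Name: value' line as a dict, or None
    if the line is not a well-formed Strict-Transport-Security header."""
    name, colon, value = header_line.partition(":")
    # Field names are case-insensitive (RFC 7230 section 3.2).
    if not colon or name.lower() != "strict-transport-security":
        return None
    directives = {}
    for part in value.split(";"):
        part = part.strip()          # surrounding whitespace is not significant
        if not part:
            continue                 # tolerate empty directives such as a trailing ';'
        m = DIRECTIVE.fullmatch(part)
        if m is None:
            return None
        key = m.group(1).lower()     # directive names are case-insensitive
        if key in directives:
            return None              # RFC 6797: a directive may appear only once
        directives[key] = m.group(2) if m.group(2) is not None else m.group(3)
    max_age = directives.get("max-age")
    # max-age is required and its value must be ASCII digits.
    if max_age is None or re.fullmatch(r"[0-9]+", max_age) is None:
        return None
    # includeSubDomains is valueless in RFC 6797.
    if directives.get("includesubdomains") is not None:
        return None
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

if __name__ == "__main__":
    # Constructed sample lines: the same policy spelled three ways, then a duplicate.
    for line in (
        "Strict-Transport-Security: max-age=31536000; includeSubDomains",
        'strict-transport-security:\tINCLUDESUBDOMAINS ; Max-Age = "31536000"',
        "STRICT-TRANSPORT-SECURITY: includeSubDomains;max-age=31536000;",
        "Strict-Transport-Security: max-age=1; max-age=2",
    ):
        print(repr(line), "->", parse_hsts(line))
```

Comparing the returned dictionaries, rather than the raw header strings, is what makes the case, whitespace and order variants compare equal.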