Is it possible to include multiple CRLFs in a HTTP header-field?
Here is the definition of HTTP-message from the latest HTTP RFC 7230:
HTTP-message = start-line
               *( header-field CRLF )
               CRLF
               [ message-body ]
And here is the definition of header-field:
header-field = field-name ":" OWS field-value OWS
field-name = token
field-value = *( field-content / obs-fold )
field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
field-vchar = VCHAR / obs-text
obs-fold = CRLF 1*( SP / HTAB )
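...and:
obs-text = %x80-FF
...and ABNF's:
VCHAR = %x21-7E
        ; visible (printing) characters
As we can see, field-value can have multiple obs-folds, and obs-fold has a CRLF. This is strange to me, because I thought CRLF was the end of a header line. Are there examples of multiple CRLFs encoded in one header-field? Or am I misunderstanding the definition?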
Your understanding of the standard is correct. In the past, RFC 2616 supported multi-line header values. This feature was known as "line folding":
HTTP/1.1 header field values can be folded onto multiple lines if the continuation line begins with a space or horizontal tab. All linear white space, including folding, has the same semantics as SP. A recipient MAY replace any linear white space with a single SP before interpreting the field value or forwarding the message downstream.
So the following two forms are equivalent:
Header: value1, value2
and
Header: value1,
        value2
The newer RFC 7230 explicitly deprecates this. In fact, the "obs" in "obs-fold" stands for "obsolete".
Historically, HTTP header field values could be extended over multiple
lines by preceding each extra line with at least one space or
horizontal tab (obs-fold). This specification deprecates such line
folding except within the message/http media type (Section 8.3.1). A
sender MUST NOT generate a message that includes line folding (i.e.,
that has any field-value that contains a match to the obs-fold rule)
unless the message is intended for packaging within the message/http
media type.
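So although I have never seen this feature in practice (or at least never noticed it), it does exist. Moreover, it seems line folding is not even fully deprecated: it is still permitted in the HTTP media type header.
Multi-line headers are still supported by the standard HTTP header parsers of languages such as PHP [arv], Java, and Go.
The only concrete example of such a header that I managed to find is in this technet blog post, which has this image:
Note the yellow 0d 0a (carriage return, line feed) in the Content-Type header.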
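As an added illustration (not code from the question, the answer, or any of the parsers they mention): a minimal header-section parser in Python that treats a CRLF followed by SP/HTAB as obs-fold and replaces it with a single SP, so the two forms shown above parse to the same value. The function name, the allow_obs_fold switch and the sample bytes are constructed for this example.

```python
import re

# obs-fold = CRLF 1*( SP / HTAB ), as in the ABNF quoted in the question
OBS_FOLD = re.compile(rb"\r\n[ \t]+")


def parse_header_block(block: bytes, allow_obs_fold: bool = True):
    """Parse the header section of an HTTP/1.x message (start-line removed).

    Returns (fields, folded): fields is a list of (name, value) pairs and
    folded lists the names of fields that contained at least one obs-fold.
    With allow_obs_fold=False (hypothetical switch) a folded field raises
    ValueError, which is how a strict receiver would refuse the message.
    """
    head, sep, _ = block.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section is not terminated by an empty line")
    fields, folded = [], []
    # Split only on a CRLF that is NOT followed by SP/HTAB; a CRLF that is
    # followed by whitespace is part of the field-value (obs-fold).
    for raw in re.split(rb"\r\n(?![ \t])", head):
        name, colon, value = raw.partition(b":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {raw!r}")
        if OBS_FOLD.search(value):
            if not allow_obs_fold:
                raise ValueError(f"obs-fold in field {name.decode()!r}")
            folded.append(name.decode("ascii"))
            # Folding has the same semantics as a single SP.
            value = OBS_FOLD.sub(b" ", value)
        # Trim the optional whitespace (OWS) around the field-value.
        fields.append((name.decode("ascii"),
                       value.strip(b" \t").decode("latin-1")))
    return fields, folded


# Constructed sample input: the answer's two equivalent forms.
SINGLE = b"Header: value1, value2\r\nHost: example.test\r\n\r\n"
FOLDED = b"Header: value1,\r\n        value2\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(parse_header_block(SINGLE))
    print(parse_header_block(FOLDED))
```

Reporting the folded field names separately lets a proxy or logging layer record that a message used obs-fold even when it chooses to unfold and accept it.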