[Mongrel] Bare carriage returns in HTTP headers
rochkind at jhu.edu
Thu Mar 26 16:41:23 EDT 2009
Oh, and PS, I know that IE6 sends those. Because I discovered it. Safari
does too, for that matter. If they are (illegaly) in a URL in HTML or
entered in the location bar, etc.
My particular case in fact involved URLs in HTML (produced by a third
party, but targetting my app) delivered to an ordinary user agent like
IE6 or Firefox or Safari. Firefox would happily correct them before
sending them to the server. IE6 and Safari, no.
This is what I reported like a year and a half ago, and was told it
wasn't mongrel's problem. And brought up again like four months ago, to
see if with different developers you'd have a different opinion, and was
again told it wasn't mongrel's problem.
I guess someone with more pull than me found it inconvenient?
Eric Wong wrote:
> Jonathan Rochkind <rochkind at jhu.edu> wrote:
>> My problem was with invalid query strings being sent to me by a vendor,
>> not with problems in the header. So it won't be _exactly_ the same. I'm
>> not sure if an apache rewrite map can change headers or not; it can
>> change path/query string, which is all I needed. But I can show you what
>> I did, in case it gives you ideas. It was a bit of a pain to figure out.
>> And here's the simple Perl script that replaced illegal chars in URL
>> path/query string:
> These two those are no longer needed with the SVN version (which
> we currently run in production on a pretty heavy site). I think
> it was IE6 sending them and we can't ignore IE6 :<
> Unfortunately I don't think it made the 1.1.5 release
> I don't think I ever saw Mongrel error out on these. Is your vendor
> really that brain damaged?
> But man, this just creeps me out:
> s/ /\+/g;
> ps: "tr/ /+/;" should be a tick faster than "s/ /\+/g;" :)
More information about the Mongrel-users