[jboss-jira] [JBoss JIRA] (WFWIP-284) Clarify what is invalid header name

Darran Lofthouse (Jira) issues at jboss.org
Wed Dec 11 09:36:00 EST 2019 

    [ https://issues.redhat.com/browse/WFWIP-284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13823928#comment-13823928 ] 

Darran Lofthouse commented on WFWIP-284:
----------------------------------------

The definition of a HTTP Header is defined here : -

https://tools.ietf.org/html/rfc2616#page-31

{noformat}
       message-header = field-name ":" [ field-value ]
       field-name     = token
       field-value    = *( field-content | LWS )
       field-content  = <the OCTETs making up the field-value
                        and consisting of either *TEXT or combinations
                        of token, separators, and quoted-string>
{noformat}

The field name is a token.

The definition of token is defined here: -

https://tools.ietf.org/html/rfc2616#page-17

{noformat}
       token          = 1*<any CHAR except CTLs or separators>
       separators     = "(" | ")" | "<" | ">" | "@"
                      | "," | ";" | ":" | "\" | <">
                      | "/" | "[" | "]" | "?" | "="
                      | "{" | "}" | SP | HT
{noformat}

RFC2616 specifically prohibits the use of the characters you are attempting to use in a HTTP header name.

> Clarify what is invalid header name
> -----------------------------------
>
>                 Key: WFWIP-284
>                 URL: https://issues.redhat.com/browse/WFWIP-284
>             Project: WildFly WIP
>          Issue Type: Task
>            Reporter: Tomas Terem
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>              Labels: management
>
> Header names should follow rules described here:
> https://tools.ietf.org/html/rfc5322#section-2.2
> However, rules for custom headers seems to be more restrictive - for example @ or = are not allowed. 
> I see that these characters are mentioned in https://tools.ietf.org/html/rfc2616#page-16, but it only says that they should be in quotes. However I am not able to configure header containing them in quotes either.
> Is this on purpose? 
> If yes, this needs to be mentioned in analysis&documentation. If not, we need to create critical JBEAP jira for 7.4



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list