[nginx] SPDY: do not reject headers with empty value (ticket #396).

Valentin Bartenev vbart at nginx.com
Thu Aug 15 15:18:29 UTC 2013


details:   http://hg.nginx.org/nginx/rev/8ef1722143dc
branches:  
changeset: 5324:8ef1722143dc
user:      Valentin Bartenev <vbart at nginx.com>
date:      Thu Aug 15 19:16:09 2013 +0400
description:
SPDY: do not reject headers with empty value (ticket #396).

A quote from SPDY draft 2 specification: "The length of each name and
value must be greater than zero.  A receiver of a zero-length name or
value must send a RST_STREAM with code PROTOCOL error."

But it appears that Chrome browser allows sending requests over SPDY/2
connection using JavaScript that contain headers with empty values.

For better compatibility across SPDY clients and to be compliant with
HTTP, such headers are no longer rejected.

Also, it is worth noting that in SPDY draft 3 the statement has been
changed so that it permits empty values for headers.

diffstat:

 src/http/ngx_http_spdy.c |  4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

diffs (14 lines):

diff -r 2be1a9ce9d8e -r 8ef1722143dc src/http/ngx_http_spdy.c
--- a/src/http/ngx_http_spdy.c	Thu Aug 15 19:14:58 2013 +0400
+++ b/src/http/ngx_http_spdy.c	Thu Aug 15 19:16:09 2013 +0400
@@ -2014,10 +2014,6 @@ ngx_http_spdy_parse_header(ngx_http_requ
 
         len = ngx_spdy_frame_parse_uint16(p);
 
-        if (!len) {
-            return NGX_ERROR;
-        }
-
         /* null-terminate header name */
         *p = '\0';
 



More information about the nginx-devel mailing list