Request methods with hyphens
Maxim Dounin
mdounin at mdounin.ru
Thu Jul 11 12:23:25 UTC 2013
Hello!
On Thu, Jul 11, 2013 at 08:38:47AM +0900, Hiroaki Nakamura wrote:
> Hi,
>
> 2013/7/10 Maxim Dounin <mdounin at mdounin.ru>:
> > Hello!
> >
> > On Wed, Jul 10, 2013 at 10:47:35PM +0900, Hiroaki Nakamura wrote:
> >
> >> Hi all,
> >>
> >> I found nginx rejects request methods with hyphens like
> >> VERSION-CONTROL with the status code 400.
> >> I got the following debug log:
> >>
> >> 2013/07/10 13:55:29 [info] 79048#0: *4 client sent invalid method
> >> while reading client request line, client: 127.0.0.1, server:
> >> localhost, request: "VERSION-CONTROL / HTTP/1.1"
> >> 2013/07/10 13:55:29 [debug] 79048#0: *4 http finalize request: 400, "?" a:1, c:1
> >
> > Is it a method used by some real-world software?
>
> VERSION-CONTROL is defined in the Versioning Extensions to WebDAV spec.
> http://www.webdav.org/specs/rfc3253.html

The question still applies.

[...]

> > As of now nginx rejects anything which isn't uppercase latin
> > letters (or underscore) as syntactically invalid (and hence 400).
>
> According to RFC2616, any CHAR except CTLs or separators is
> syntactically valid.

For sure. But it doesn't mean that (more strict) syntax rules as
applied by nginx need to be changed (unless there is a good
reason).

> > I don't think that current behaviour should be changed unless
> > there are good reasons to. If there are good reasons, we probably
> > should do something similar to underscores_in_headers, see
> > http://nginx.org/r/underscores_in_headers.
>
> I would like to use limit_except to accept only HEAD, GET and POST methods,
> and return 405 (Method Not Allowed) or 501 (Not Implemented) for the
> other methods.
> Is this a good reason?

Doesn't look like a good reason to me.

--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel mailing list
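
The two syntax rules contrasted in this thread, side by side, as an added example that is not part of the original messages and is not nginx source code. The function names are hypothetical, and `strict_method_valid` is an assumption built only from the rule as worded in the thread (uppercase Latin letters or underscore).

```c
#include <stdio.h>
#include <string.h>

/* RFC 2616 section 2.2: token = 1*<any CHAR except CTLs or separators>. */
static int rfc2616_token_valid(const char *m)
{
    static const char separators[] = "()<>@,;:\\\"/[]?={} \t";
    const unsigned char *p = (const unsigned char *) m;

    if (*p == '\0')
        return 0;                      /* token needs at least one char */
    for (; *p != '\0'; p++) {
        if (*p <= 31 || *p >= 127)
            return 0;                  /* CTLs, DEL and non-ASCII bytes */
        if (strchr(separators, *p) != NULL)
            return 0;
    }
    return 1;
}

/* Stricter rule as described in the thread (an assumption drawn from that
 * description, not nginx's parser): only 'A'-'Z' and '_' are accepted. */
static int strict_method_valid(const char *m)
{
    if (*m == '\0')
        return 0;
    for (; *m != '\0'; m++) {
        if ((*m < 'A' || *m > 'Z') && *m != '_')
            return 0;
    }
    return 1;
}

int main(void)
{
    /* GET, POST and VERSION-CONTROL appear in the thread; the rest are
     * constructed samples. */
    static const char *samples[] = { "GET", "POST", "VERSION-CONTROL",
                                     "get", "G@T", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-16s rfc2616=%d strict=%d\n", samples[i],
               rfc2616_token_valid(samples[i]),
               strict_method_valid(samples[i]));
    }
    return 0;
}
```

Methods where the two functions disagree, such as VERSION-CONTROL, are the ones that get the 400 shown in the quoted log while the request line is being read.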