Problems with HTTP/2

Aapo Talvensaari aapo.talvensaari at gmail.com
Tue Sep 29 11:14:44 UTC 2015


On 29 September 2015 at 13:38, Sergey Kandaurov <pluknet at nginx.com> wrote:
> So, the header field name output as generated with php
> (and previously guessed by Valentin),
> is invalid as per 7230, which is in turn referenced in 7540.
>
> :   field-name = token
> :   token = 1*tchar
> :   tchar = "!" / "#" / "quot; / "%" / "&" / "'" / "*" / "+" / "-" / "." /
> :    "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
>
> Not much to discuss.

Even if it works just fine with every browser and every other protocol in
Nginx than
HTTP/2? I kinda agree, but being in sense "be liberal what you accept, be
conservative on what you send", it may make the issue still a worth to
solve.

Also it should be checked what happens here on the Nginx itself as this may
even
be a possible bug. Why doesn't it reply with something like internal sever
error or
something in that case? I mean, in worst case this might be a source for a
security
bug (note: I'm not saying it is).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150929/9fcc7843/attachment.html>


More information about the nginx mailing list