status-line trailing SP is missing ?
Maxim Dounin
mdounin at mdounin.ru
Thu Aug 31 19:24:51 UTC 2023
Hello!
On Thu, Aug 31, 2023 at 03:45:06PM +0400, Sergey Kandaurov wrote:
> > On 31 Aug 2023, at 14:28, Maxim Dounin <mdounin at mdounin.ru> wrote:
> >
> > Hello!
> >
> > On Wed, Aug 30, 2023 at 04:20:15PM +0400, Sergey Kandaurov wrote:
> >
> >>> On 29 Aug 2023, at 08:33, Maxim Dounin <mdounin at mdounin.ru> wrote:
> >>>
> >>> On Mon, Aug 28, 2023 at 08:59:28PM +0400, Sergey Kandaurov wrote:
> >>>
> >>>>> On 26 Aug 2023, at 18:21, Jérémy Lal <kapouer at melix.org> wrote:
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> https://bugs.debian.org/1050571
> >>>>> reports that the Status line doesn't always end with space, which seems contradictory to RFC9112 which states:
> >>>>> "A server MUST send the space that separates the status-code from the reason-phrase even when the reason-phrase is absent (i.e., the status-line would end with the space)."
> >>>>>
> >>>>> Is it a documented nginx 1.24.0 behavior ?
> >>>>>
> >>>>
> >>>> Note that the response line with empty reason phrase
> >>>> is properly generated since nginx 1.5.6.
> >>>> The exception remains is proxying FastCGI responses
> >>>> as there is no distinguished response line in CGI syntax.
> >>>>
> >>>> The reason is that Status is a CGI header field, and hence
> >>>> it is parsed by a generic routine that cuts trailing spaces.
> >>>> But it can have a trailing space per RFC 3875, section 6.3.3.
> >>>> So it needs a special treatment to preserve SP before empty reason
> >>>> phrase. The below patch should help; although it doesn't look
> >>>> efficient and can be polished, I think this is quite enough for
> >>>> valid use cases.
> >>>
> >>> I very much doubt that RFC 3875 properly defines whitespace
> >>> handling, see my response to the original report. In this
> >>> particular case, it seems to define a header which cannot be
> >>> correctly parsed if reason-phrase is empty.
> >>>
> >>
> >> Yes, it is quite dubious how this can be parsed correctly.
> >> Although it is valid to have a trailing space in Status,
> >> this contradicts to header field value syntax per RFC 3875:
> >> field-content = *( token | separator | quoted-string )
> >
> > Note that field-value syntax does no apply to the "Status" header,
> > its syntax is defined separately.
>
> Well, per RFC 3875 BNF, Status is CGI-field, which if generalized
> to other-field, consists of field-content.
Syntax is as follows
(https://datatracker.ietf.org/doc/html/rfc3875#section-6.3):
header-field = CGI-field | other-field
CGI-field = Content-Type | Location | Status
other-field = protocol-field | extension-field
protocol-field = generic-field
extension-field = generic-field
generic-field = field-name ":" [ field-value ] NL
CGI-field and other-field are mutually exclusive variants of
header-field, and there is no generalization.
Generalization was present in the original RFC draft
(https://datatracker.ietf.org/doc/html/draft-robinson-www-interface-00#section-9.2),
but was removed during work on RFC 3875 (in
https://datatracker.ietf.org/doc/html/draft-coar-cgi-v11-03). Not
sure about the reasons, but might be because Status indeed does not
conform to the generic-field syntax, and this was an attempt to
fix it.
Either way, the fact is: RFC 3875 does not correctly specify
whitespace handling, and shouldn't be relied upon.
[...]
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list