On Tue, Apr 16, 2013 at 02:06:30AM +0400, Maxim Dounin wrote:
> On Mon, Apr 15, 2013 at 10:42:30PM +0100, Francis Daly wrote:
> > On Mon, Apr 15, 2013 at 05:35:27PM -0400, jaychris wrote:

Hi there,

> > > client sent invalid header line: "X_FORWARDED_PROTO: http" while reading
> > > client request headers,
> >
> > "_" is not a valid character in a http header.

> Strictly speaking, "_" isn't invalid, but it's not something nginx
> allows by default due to security problems it might create - as
> it's indistinguishable from "-" in CGI-like headers
> representation.

Oh, thanks for the correction. I learn something new every day.

(RFC 2616 and its definition of "token", which allows 78 characters,
if I count right. I don't know if there's a beyond-ASCII update to extend
that, but it shouldn't restrict it further.)

Cheers,

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx