[Issue 16174] [SECURITY] HTTP header injection
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Fri Mar 31 17:58:09 PDT 2017
https://issues.dlang.org/show_bug.cgi?id=16174
Steven Schveighoffer <schveiguy at yahoo.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |schveiguy at yahoo.com
Resolution|--- |WONTFIX
--- Comment #1 from Steven Schveighoffer <schveiguy at yahoo.com> ---
While I can see the concern, the truth is that you already are able to call a
function which is adding a header to the request. In that sense, this isn't
exactly a "security" issue, as you have permission to add the header already.
Where this can be a problem is if you are passing a string from an un-trusted
source, but that's probably not a good idea anyway, even if just adding one
header.
I'm not sure std.net.curl is the right place to make these types of decisions,
it's a pretty bare wrapper around curl.
Closing as WONTFIX, please re-open if you think this is in error.
--
More information about the Digitalmars-d-bugs
mailing list