Crash my webserver!
Vladimir Panteleev
thecybershadow.lists at gmail.com
Sat May 13 22:25:28 UTC 2023
On Saturday, 13 May 2023 at 11:32:39 UTC, Andrea Fontana wrote:
> Do you mean as line separator in headers? I know some (old?)
> clients use it but I think HTTP protocol requires CRLF
Ah, OK. I thought the specification allowed either.
>> - Host header is mandatory, but not for nginx
> Only for HTTP/1.1. It's not mandatory for HTTP/1.0, is it?
I get a 400 with 1.0 too.
>> - Raw UTF-8 gets mangled in URL and POST parameters, you might
>> be decoding those twice
>
> Interesting, could you please give me an example?
printf 'GET /?ппп=ĂÎȘȚ HTTP/1.0\r\nHost:
test.andreafontana.it\r\n\r\n' | nc -v test.andreafontana.it 57123
It returns mojibake. However, only for URL and form parameters.
Normally these get percent-encoded by user-agents though.
More information about the Digitalmars-d
mailing list