Crash my webserver!
Andrea Fontana
nospam at example.org
Sat May 13 11:32:39 UTC 2023
On Saturday, 13 May 2023 at 11:21:53 UTC, Vladimir Panteleev
wrote:
> On Saturday, 13 May 2023 at 09:03:22 UTC, Andrea Fontana wrote:
>> Online into the wild listening on port 57123.
>
> Not bad. What I found in 10 minutes:
I've seen your tests! Thank you Vladimir!
> - LF line endings are not accepted
Do you mean as line separator in headers? I know some (old?)
clients use it but I think HTTP protocol requires CRLF
> - Host header is mandatory, but not for nginx
Only for HTTP/1.1. It's not mandatory for HTTP/1.0, is it?
> - Raw UTF-8 gets mangled in URL and POST parameters, you might
> be decoding those twice
Interesting, could you please give me an example?
> - `multipart/form-data` encoding errors are silently discarded
It is (and a warning is shown on server error log). Probably
you're right and I should send back a 400 Bad Request. Or
something else?
> - The server seems to handle
> `application/x-www-form-urlencoded` very differently from
> `multipart/form-data`? Even though they're both alternative
> options for HTML `<form>` parameters, and one is somewhat of a
> superset of the other
Yes, somewhat. But I can't really build a superset, that's why
they are managed in two different ways.
>
> Hope this helps.
Sure! Thanks!
More information about the Digitalmars-d
mailing list