Wednesday, June 10, 2009

Extra CRLF in the POST request

Some times Servers may receive POST request with an extra CRLF ,which mostly added by clients(browsers) . Because some servers (e.g CERN webserver) require this extra CRLF to process. As per the RFC this is not a valid request , for this reason only ,content length header in the POST request will not include this CRLF.

generic-message = start-line
*(message-header CRLF)
[ message-body ]
start-line = Request-Line | Status-Line

This is the BNF for the http requests. In this after each header there should be one CRLF to indicate the end of the header , and one extra CRLF should be between the headers and the body to differentiate message body with headers. In message-body there should not be any CRLF's.

Certain buggy HTTP/1.0 client implementations generate extra CRLF's after a POST request. To restate what is explicitly forbidden by the BNF, an HTTP/1.1 client MUST NOT preface or follow a request with an extra CRLF.

No comments:

Popular Posts