为什么HTTP服务器禁止在HTTP标头名称中使用下划线 [英] Why do HTTP servers forbid underscores in HTTP header names

问题描述

我遇到了一个问题:nginx代理未传输自定义HTTP SESSION_ID标头.

I had a problem with a custom HTTP SESSION_ID header not being transfered by nginx proxy.

有人告诉我，根据HTTP RFC，下划线是禁止的.

I was told that underscores are prohibited according to the HTTP RFC.

搜索时，我发现大多数服务器，例如 Apache 或 nginx 在

Searching, I found that most servers like Apache or nginx define them as illegal in RFC2616 section 4.2, which says:

遵循与RFC 822 [9]第3.1节中给出的通用格式相同的通用格式

follow the same generic format as that given in Section 3.1 of RFC 822 [9]

RFC822 说:

字段名称必须由可打印的ASCII字符组成 (即，字符的值介于33.和126.之间， 小数点(冒号除外)

The field-name must be composed of printable ASCII characters (i.e., characters that have values between 33. and 126., decimal, except colon)

下划线是ASCII表中十进制字符95，在33-126范围内.

Underscore is decimal character 95 in the ASCII table in the 33-126 range.

我想念什么?

推荐答案

不禁止使用它们，这是CGI的传统.请参阅"

They are not forbidden, it's CGI legacy. See "Missing (disappearing) HTTP Headers".

如果未显式设置underscores_in_headers on;，nginx会静默删除带下划线的HTTP标头(根据HTTP标准，这是完全有效的).这样做是为了避免将标头映射到CGI变量时出现歧义，因为在此过程中，破折号和下划线都映射到了下划线.

If you do not explicitly set underscores_in_headers on;, nginx will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables, as both dashes and underscores are mapped to underscores during that process.

这篇关于为什么HTTP服务器禁止在HTTP标头名称中使用下划线的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！