为什么 HTTP 服务器禁止在 HTTP 标头名称中使用下划线 [英] Why do HTTP servers forbid underscores in HTTP header names

问题描述

我遇到了自定义 HTTP SESSION_ID 标头未通过 nginx 代理传输的问题.

I had a problem with a custom HTTP SESSION_ID header not being transfered by nginx proxy.

有人告诉我，根据 HTTP RFC 禁止使用下划线.

I was told that underscores are prohibited according to the HTTP RFC.

搜索，我发现大多数服务器喜欢 Apache 或 nginx 在 RFC2616 4.2 节，其中说:

Searching, I found that most servers like Apache or nginx define them as illegal in RFC2616 section 4.2, which says:

遵循与 RFC 822 [9] 第 3.1 节中给出的相同的通用格式

follow the same generic format as that given in Section 3.1 of RFC 822 [9]

RFC822 说:

字段名必须由可打印的 ASCII 字符组成(即，值介于 33. 和 126. 之间的字符，十进制，冒号除外)

The field-name must be composed of printable ASCII characters (i.e., characters that have values between 33. and 126., decimal, except colon)

下划线是 ASCII 表中 33-126 范围内的十进制字符 95.

Underscore is decimal character 95 in the ASCII table in the 33-126 range.

我错过了什么?

推荐答案

它们不是被禁止的，它是 CGI 的遗产.请参阅缺少(消失)HTTP 标头".

They are not forbidden, it's CGI legacy. See "Missing (disappearing) HTTP Headers".

如果你没有显式设置 underscores_in_headers on;，nginx 会默默地丢弃带有下划线的 HTTP 标头(根据 HTTP 标准这是完全有效的).这样做是为了防止在将标头映射到 CGI 变量时出现歧义，因为在该过程中破折号和下划线都映射到下划线.

If you do not explicitly set underscores_in_headers on;, nginx will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables, as both dashes and underscores are mapped to underscores during that process.

这篇关于为什么 HTTP 服务器禁止在 HTTP 标头名称中使用下划线的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！