Is an HTTP client allowed to send multiple headers with the same name?


Question

I'm aware that HTTP servers can send headers with duplicate keys (at least Set-Cookie comes to mind), but is there a plausible reason for clients to do this?

Recommended answer

RFC 7230 does allow for duplicate headers under some circumstances. From section 3.2.2:


A sender MUST NOT generate multiple header fields with the same field name in a message unless either the entire field value for that header field is defined as a comma-separated list [i.e., #(values)] or the header field is a well-known exception (as noted below).

A recipient MAY combine multiple header fields with the same field name into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field value to the combined field value in order, separated by a comma.

One somewhat "plausible" scenario comes to mind: When the HTTP request is passing through a proxy, the proxy might simply tack on another header (say, an X-Forwarded-For, or an extra Accept-Encoding), rather than determine if a header already exists, then parse and modify it accordingly.

Technically, any client is "allowed" to send multiple headers with the same name, so long as it meets the requirements in RFC 7230 above.
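
The recipient-side combining rule quoted from section 3.2.2, as an added example that is not part of the original answer: list-valued fields are joined in order with a comma, Set-Cookie is kept as separate values, and a repeat of any other field is refused rather than resolved by picking one copy. The function name, the exception class and the contents of LIST_FIELDS are assumptions chosen for illustration.

```python
# Added example (not from the original answer): recipient-side handling of
# repeated header fields per RFC 7230 section 3.2.2.

# Assumption: a small illustrative subset of fields whose value is defined as a
# comma-separated list, plus X-Forwarded-For (de facto list, not in RFC 7230).
LIST_FIELDS = {"accept", "accept-encoding", "cache-control", "via", "x-forwarded-for"}
# Set-Cookie is the well-known exception: it repeats but must never be joined.
NO_MERGE = {"set-cookie"}


class DuplicateHeaderError(ValueError):
    """Raised when a field that is not list-valued appears more than once."""


def combine_headers(raw_lines):
    """Return {lowercase-name: value or list} from 'Name: value' lines."""
    combined = {}
    for line in raw_lines:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            # RFC 7230 3.2.4: no whitespace allowed between name and colon.
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.lower(), value.strip(" \t")
        if key in NO_MERGE:
            combined.setdefault(key, []).append(value)
        elif key not in combined:
            combined[key] = value
        elif key in LIST_FIELDS:
            # Append each subsequent value in order, separated by a comma.
            combined[key] += ", " + value
        else:
            # Not defined as a list: the sender violated 3.2.2, so refuse
            # rather than silently picking the first or last value.
            raise DuplicateHeaderError(key)
    return combined


# Constructed sample: a request after a proxy tacked on extra fields.
SAMPLE = [
    "Host: example.test",
    "Accept-Encoding: gzip",
    "X-Forwarded-For: 192.0.2.10",
    "Accept-Encoding: br",
    "X-Forwarded-For: 198.51.100.7",
]

if __name__ == "__main__":
    print(combine_headers(SAMPLE))
```

Refusing a repeated non-list field matters when a proxy and the origin server would otherwise each pick a different copy of the same field and disagree about the request.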
