是否可以在HTTP标头字段中包含多个CRLF？ [英] Is it possible to include multiple CRLFs in a HTTP header-field?

问题描述

以下是最新HTTP RFC 7230中的HTTP消息定义

Below is HTTP-message definition in latest HTTP RFC 7230

 HTTP-message   = start-line
                  *( header-field CRLF )
                  CRLF
                  [ message-body ]

以下是header-field的定义，

Below is definition of header-field,

 header-field   = field-name ":" OWS field-value OWS

 field-name     = token
 field-value    = *( field-content / obs-fold )
 field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
 field-vchar    = VCHAR / obs-text

 obs-fold       = CRLF 1*( SP / HTAB )

..和：

obs-text       = %x80-FF

..和 ABNF ：

 VCHAR          =  %x21-7E
                                 ; visible (printing) characters

我们可以看到，字段值可能有多个obs-folds和obs - 折叠有一个CRLF。我认为CRLF是标题行的结尾对我来说很奇怪。有一个例子，多个CRLF被编码到一个标题字段中吗？或者，我是否误解了这个定义？

As we can see, field-value could have multiple obs-folds and obs-folds has one CRLF. It is strange for me for I think CRLF is the end of a header line. Is there an example that multiple CRLFs are encoded into one header-field? Or, do I misunderstand the definition?

推荐答案

您对标准的理解是正确的。过去， RFC 2616 支持多行标题值。此功能称为行折叠：

Your understanding of the standard is correct. In the past, multi-line header values were supported under RFC 2616. This feature was known as "Line Folding":

如果延续行开头，HTTP / 1.1标题字段值可以折叠到多行空格或水平标签。所有线性空白区域（包括折叠）都具有与SP相同的语义。在解释字段值或向下游转发消息之前，收件人可以用单个SP替换任何线性空格。

HTTP/1.1 header field values can be folded onto multiple lines if the continuation line begins with a space or horizontal tab. All linear white space, including folding, has the same semantics as SP. A recipient MAY replace any linear white space with a single SP before interpreting the field value or forwarding the message downstream.

所以以下两个表格是等价的：

So the following two forms are equivalent:

标题：value1，value2

Header: value1,
        value2

较新的 RFC 7230 明确弃用此内容。事实上，obs-fold中的obs代表过时。

The newer RFC 7230 explicitly deprecates this. In fact the "obs" in "obs-fold" stands for "obsolete".

历史上，HTTP头字段值可以扩展到多个
行，每个额外行前面至少有一个空格或
水平制表符（obs-fold）。除了在消息/ http媒体类型（第8.3.1节）中之外，此规范不推荐使用此行
折叠。一个
的发送者不得生成包含行折叠的消息（即，
具有包含与遮蔽折叠规则匹配的任何字段值）
除非该消息用于打包在消息/ http
媒体类型中。

Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one space or horizontal tab (obs-fold). This specification deprecates such line folding except within the message/http media type (Section 8.3.1). A sender MUST NOT generate a message that includes line folding (i.e., that has any field-value that contains a match to the obs-fold rule) unless the message is intended for packaging within the message/http media type.

所以尽管我在实践中从未见过这个功能（或者至少没有注意到它），但它确实存在。此外，似乎行折叠甚至没有完全弃用，并且仍然允许使用HTTP媒体类型标题。

So although I've never seen this feature in practice (or at least haven't noticed it), it exists. Moreover, it seems that line folding wasn't even completely deprecated, and its use is still allowed for the HTTP media type header.

仍支持多行标题 PHP 等语言的标准HTTP头解析器[ arv ]， Java ，并 Go 。

Multi-line headers are still supported by standard HTTP header parsers in languages such as PHP [arv], Java, and Go.

我设法找到这样一个标题的唯一具体例子是在这个 technet博客文章，其中包含以下图片：

The only concrete example I managed to find of such a header was in this technet blog post which has this image:

注意黄色 0d 0a （回车，换行）在 Content-Type 标题中。

Note the yellow 0d 0a (carriage return, line feed) WITHIN the Content-Type header.

这篇关于是否可以在HTTP标头字段中包含多个CRLF？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！