我正在处理c#.ashx处理程序文件并具有以下代码:
context.Response.AddHeader("HTTP Header", "200");
context.Response.AddHeader("Content", "OK");
使用http协议访问此页面时,它可以正常工作,但是如果使用https,则会在chrome://net-internals/#events
下生成错误:
t=10983 [st=37] HTTP2_SESSION_RECV_INVALID_HEADER
--> error = "Invalid character in header name."
--> header_name = "http%20header"
--> header_value = "200"
t=10983 [st=37] HTTP2_SESSION_SEND_RST_STREAM
--> description = "Could not parse Spdy Control Frame Header."
--> error_code = "1 (PROTOCOL_ERROR)"
--> stream_id = 1
“ HTTP标头”是安全的标头名称吗?我读到“空格”应该不是标题中的问题,实际的问题是什么?
到目前为止,以上情况发生在chrome / safari中,但在Firefox中工作正常。
有什么建议吗?
答案 0 :(得分:1)
空格不是标题名称中的有效字符。 HTTP由RFC 7230定义。
标头字段的语法在3.2. Header Fields部分中定义
Each header field consists of a case-insensitive field name followed by a colon (":"), optional leading whitespace, the field value, and optional trailing whitespace. header-field = field-name ":" OWS field-value OWS field-name = token field-value = *( field-content / obs-fold ) field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ] field-vchar = VCHAR / obs-text obs-fold = CRLF 1*( SP / HTAB ) ; obsolete line folding ; see Section 3.2.4
因此字段名称是一个令牌。令牌在3.2.6. Field Value Components
中定义Most HTTP header field values are defined using common syntax components (token, quoted-string, and comment) separated by whitespace or specific delimiting characters. Delimiters are chosen from the set of US-ASCII visual characters not allowed in a token (DQUOTE and "(),/:;?@[\]{}"). token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ; any VCHAR, except delimiters
最后一块在1.2. Syntax Notation
The following core rules are included by reference, as defined in [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), HEXDIG (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF (line feed), OCTET (any 8-bit sequence of data), SP (space), and VCHAR (any visible [USASCII] character).
因此标头名称中不允许使用空格。