C#ASHX addHeader导致错误

时间:2018-07-13 08:46:05

标签: c# ashx

我正在处理c#.ashx处理程序文件并具有以下代码:

context.Response.AddHeader("HTTP Header", "200");
context.Response.AddHeader("Content", "OK");

使用http协议访问此页面时,它可以正常工作,但是如果使用https,则会在chrome://net-internals/#events下生成错误:

t=10983 [st=37]    HTTP2_SESSION_RECV_INVALID_HEADER
                   --> error = "Invalid character in header name."
                   --> header_name = "http%20header"
                   --> header_value = "200"
t=10983 [st=37]    HTTP2_SESSION_SEND_RST_STREAM
                   --> description = "Could not parse Spdy Control Frame Header."
                   --> error_code = "1 (PROTOCOL_ERROR)"
                   --> stream_id = 1

“ HTTP标头”是安全的标头名称吗?我读到“空格”应该不是标题中的问题,实际的问题是什么?

到目前为止,以上情况发生在chrome / safari中,但在Firefox中工作正常。

有什么建议吗?

1 个答案:

答案 0 :(得分:1)

空格不是标题名称中的有效字符。 HTTP由RFC 7230定义。

标头字段的语法在3.2. Header Fields部分中定义

   Each header field consists of a case-insensitive field name followed
   by a colon (":"), optional leading whitespace, the field value, and
   optional trailing whitespace.

     header-field   = field-name ":" OWS field-value OWS

     field-name     = token
     field-value    = *( field-content / obs-fold )
     field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
     field-vchar    = VCHAR / obs-text

     obs-fold       = CRLF 1*( SP / HTAB )
                    ; obsolete line folding
                    ; see Section 3.2.4

因此字段名称是一个令牌。令牌在3.2.6. Field Value Components

中定义
   Most HTTP header field values are defined using common syntax
   components (token, quoted-string, and comment) separated by
   whitespace or specific delimiting characters.  Delimiters are chosen
   from the set of US-ASCII visual characters not allowed in a token
   (DQUOTE and "(),/:;?@[\]{}").

     token          = 1*tchar

     tchar          = "!" / "#" / "$" / "%" / "&" / "'" / "*"
                    / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
                    / DIGIT / ALPHA
                    ; any VCHAR, except delimiters

最后一块在1.2. Syntax Notation

   The following core rules are included by reference, as defined in
   [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
   (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
   HEXDIG (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF (line
   feed), OCTET (any 8-bit sequence of data), SP (space), and VCHAR (any
   visible [USASCII] character).

因此标头名称中不允许使用空格。