Invalid header parsing

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Invalid header parsing

I noticed last night that our request headers extractors were all using the same formula for parsing header values. This is broke. If your header value has a , or ; in a single value it will be susceptible to this bug if the header in question is not meant to be delimited by , or ;.

I ran into a hint of this [1] the other day. I'll be looking into this tonight. I created a gh issue for it [2] and a branch for the refactor [3] with one failing test [4]. I have a pretty good idea of how I'm going to fix it but I wanted make you all aware in case your app depends on the header extractors.

We'll probably do another release this week with the fix.