Clever Geek Handbook

Can HTTP headers contain colons in the field value?

I recently worked with HTTP headers. I am processing the field and value from the headers of the colon-based HTTP headers assigned by the RFC. In python:

header_request_line.split(":")

However, it's a mess if colons are allowed in value fields. Consider:

User-Agent: Mozilla:4.0

which would be split into 3 lines, not 2 as I wanted.

+3


source to share


3 answers


Yes . So, you can do something like this (pseudo):

header = "User-Agent: Mozilla:4.0"
headerParts = header.split(":")

key = headerParts[0]
value = headerParts.substring(key.length).trim()

// or
value = headerParts.skip(1).join(":")


But you will probably run into various problems when parsing headers from different servers, so why not use a library?

+3


source


Yes it can

In your example, you can simply use split with the maxsplit parameter specified like this: 

header_request_line.split(":", 1)


It will produce the following result and will work regardless of the number of colons in the field value:

In [2]: 'User-Agent: Mozilla:4.0'.split(':', 1)
Out[2]: ['User-Agent', ' Mozilla:4.0']
+1


source


According to RFC 7230 , the answer is "Yes". enter image description here

The header value is a combination of {token, quoted string, comment}, separated by delimiters. The separator can be a colon.

So a header like

User-Agent: Mozilla:4.0

has a value consisting of two tokens (Mozilla, 4.0) separated by a colon.

Nobody specifically asked about this, but ... in my opinion, while the colon is ok and the quoted string is ok, it seems bad style to me to use a JSON string as the header value.

My-Header: {"foo":"bar","prop2":12345}

.. will probably work fine, but this is not what chap. 3.2.6 RFC7230. In particular, {",: all delimiters ... and some of them are sequential in this JSON. A generic HTTP header value parser that conforms to RFC7230 will not be satisfied with this value. If your system requires it, then a better idea might be is to url-encode this value.

My-Header: %7B%22foo%22%3A%22bar%22%2C%22prop2%22%3A12345%7D

But this will probably be overkill in most cases. It might be safe for you to insert JSON as the HTTP header value.

0


source






More articles:


All Articles