Rename the previously undocumented HTTPProtocol directive

to EnforceHTTPProtocol, and invert the default behavior to strictly observe RFC 7230 unless otherwise configured. And Document This. The relaxation option is renamed 'Unsafe'. 'Strict' is no longer case sensitive. 'min=0.9|1.0' is now the verbose 'Allow0.9' or 'Require1.0' case-insenstive grammer. The exclusivity tests have been modified to detect conflicts. The 'strict,log' option failed to enforce strict conformance, and has been removed. Unsafe, informational logging is possible in any loadable module, after the request data is unsafely accepted. This triggers a group of failures in t/apache/headers.t as expected since those patterns violated RFC 7230 section 3.2.4. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756540 13f79535-47bb-0310-9956-ffa450edef68
2025-08-10 02:56:11 +00:00 · 2016-08-16 18:11:14 +00:00
parent 2c87430863
commit fc367d65ee
5 changed files with 110 additions and 65 deletions
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@ -1246,9 +1246,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
    }

    conf = ap_get_core_module_config(r->server->module_config);
-    if (conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT) {
+    if (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE) {
        int ok = check_headers(r);
-        if (!ok && !(conf->http_conformance & AP_HTTP_CONFORMANCE_LOGONLY)) {
+        if (!ok) {
            ap_die(HTTP_INTERNAL_SERVER_ERROR, r);
            return AP_FILTER_ERROR;
        }