From db8a0c8bf1d07936691107a4ea1626112541250c Mon Sep 17 00:00:00 2001 From: Valentin Bartenev Date: Thu, 15 Aug 2013 19:16:09 +0400 Subject: [PATCH] SPDY: do not reject headers with empty value (ticket #396). A quote from SPDY draft 2 specification: "The length of each name and value must be greater than zero. A receiver of a zero-length name or value must send a RST_STREAM with code PROTOCOL error." But it appears that Chrome browser allows sending requests over SPDY/2 connection using JavaScript that contain headers with empty values. For better compatibility across SPDY clients and to be compliant with HTTP, such headers are no longer rejected. Also, it is worth noting that in SPDY draft 3 the statement has been changed so that it permits empty values for headers. --- src/http/ngx_http_spdy.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c index d72bc3f7c..8522c6d0a 100644 --- a/src/http/ngx_http_spdy.c +++ b/src/http/ngx_http_spdy.c @@ -2014,10 +2014,6 @@ ngx_http_spdy_parse_header(ngx_http_request_t *r) len = ngx_spdy_frame_parse_uint16(p); - if (!len) { - return NGX_ERROR; - } - /* null-terminate header name */ *p = '\0';