Multiple message-header fields handling

Manlio_P · October 2, 2007, 10:13pm

I have found a “problem” with multiple message-header fields handling in
Nginx.

The HTTP 1.1 protocol (section 4.2) says that:

“”“Multiple message-header fields with the same field-name MAY be
present in a message if and only if the entire field-value for that
header field is defined as a comma-separated list [i.e., #(values)].”""

This can happen, as an example, with the Cookie header.

The “problem” is that Nginx does not combines these multiple headers:

“”“It MUST be possible to combine the multiple header fields into one
“field-name: field-value” pair, without changing the semantics of the
message, by appending each subsequent field-value to the first, each
separated by a comma. The order in which header fields with the same
field-name are received is therefore significant to the interpretation
of the combined field value, and thus a proxy MUST NOT change the order
of these field values when a message is forwarded.”""

Igor, do you plan to add this feature in a future version?

Thanks and regards Manlio P.

Manlio_P · October 3, 2007, 8:40am

On Tue, Oct 02, 2007 at 10:02:38PM +0200, Manlio P. wrote:

Igor, do you plan to add this feature in a future version?

nginx does not join headers as Apache does.
However, all headers are passed to a proxied server/etc as is if they
are not overwritten.
As to the cookies nginx treats them specially and $http_cookie includes
all Cookie header fields.

Manlio_P · October 3, 2007, 5:06pm

On Wed, Oct 03, 2007 at 04:09:49PM +0200, Manlio P. wrote:

Ok.

However, all headers are passed to a proxied server/etc as is if they
are not overwritten.

The problem is that a WSGI application receives the headers in a Python
dictionary (an associative array).
This means that I MUST fold the headers.

All headers are available in r->headers_in.headers list.

As to the cookies nginx treats them specially and $http_cookie includes
all Cookie header fields.

Cookies are a mess.
Does nginx apply some for of preprocessing?

I do not understand the question.

Manlio_P · October 3, 2007, 4:23pm

Igor S. ha scritto:

On Tue, Oct 02, 2007 at 10:02:38PM +0200, Manlio P. wrote:

I have found a “problem” with multiple message-header fields handling in
Nginx.

[…]

Igor, do you plan to add this feature in a future version?

nginx does not join headers as Apache does.

Ok.

However, all headers are passed to a proxied server/etc as is if they
are not overwritten.

The problem is that a WSGI application receives the headers in a Python
dictionary (an associative array).
This means that I MUST fold the headers.

As to the cookies nginx treats them specially and $http_cookie includes
all Cookie header fields.

Cookies are a mess.
Does nginx apply some for of preprocessing?

Thanks and regards Manlio P.

Manlio_P · October 3, 2007, 5:26pm

On Wed, Oct 03, 2007 at 05:07:35PM +0200, Manlio P. wrote:

Igor, do you plan to add this feature in a future version?

A solution is to do:

This is not very efficient, if I have to do many strings concatenations.

Actually requests with multi line headers are seldom.

As to the cookies nginx treats them specially and $http_cookie includes
all Cookie header fields.

Cookies are a mess.
Does nginx apply some for of preprocessing?

I do not understand the question.

Errata to RFC 2965, HTTP State Management

I still do not understand.
$http_cookie joins cookies using "; " without any processing, see
ngx_http_variable_headers().

Manlio_P · October 3, 2007, 5:19pm

Igor S. ha scritto:

nginx does not join headers as Apache does.
Ok.

However, all headers are passed to a proxied server/etc as is if they
are not overwritten.
The problem is that a WSGI application receives the headers in a Python
dictionary (an associative array).
This means that I MUST fold the headers.

All headers are available in r->headers_in.headers list.

In fact I iterate over this list doing (pseudo Python code):

environ = {}
for key, value in r->headers_in.headers list:
environ[key] = value

The problem is that I only save the last multi line header.

A solution is to do:

environ = {}
for key, value in r->headers_in.headers list:
# check if this is a multiline header
old = environ.get(key, None)
if old is None:
environ[key] = value
else:
# fold the header value
environ[key] = old + ", " + value

This is not very efficient, if I have to do many strings concatenations.

As to the cookies nginx treats them specially and $http_cookie includes
all Cookie header fields.

Cookies are a mess.
Does nginx apply some for of preprocessing?

I do not understand the question.

http://kristol.org/cookie/errata.html

Thanks and regards Manlio P.

Manlio_P · October 3, 2007, 7:50pm

Igor S. ha scritto:

[…]

Actually requests with multi line headers are seldom.

Thanks, this is a good news.

ngx_http_variable_headers().

Sorry.
What I meant is that, in HTTP 1.1, only headers with values separed by
“,” can be splitted on multiple lines:

“”“Multiple message-header fields with the same field-name MAY be
present in a message if and only if the entire field-value for that
header field is defined as a comma-separated list [i.e., #(values)]”""

However the Cookie header uses “;” as the separator.

P.S.
reading the RFC 2965, I see a:
cookie = “Cookie:” cookie-version 1*((";" | “,”) cookie-value)

so it seems that both “;” and “,” can be used…

Manlio P.