Forum: NGINX nginx does not allow multiple lines in a header value?

Adam Greene (Guest)
on 2009-02-23 06:31
(Received via mailing list)
hey folks,

I ran into a funny issue with nginx when working on accepting OAuth calls. Nginx is stripping the authorization header out if the field value contains newlines. HTTP 1.1 guidelines state that this is valid:



to recreate, do the following:
* add $http_authorization to your nginx 'log_format main' clause so you can see what is happening (or print out the headers from wherever nginx proxies the call to)

* run a curl command like this against your nginx server:
curl -d '' -H 'Authorization: OAuth realm="",
    oauth_signature_method="HMAC-SHA1",
    oauth_signature="RmNuGxdkf6EaU%2Fy4PXgHj07aA3I%3D",
    oauth_nonce="49a19e21eebf0",
    oauth_timestamp="1235328545",
    oauth_token="some_token",
    oauth_consumer_key="consumer_key",
    oauth_version="1.0"' http://your.server.com

* you'll see the header value terminated after the first 'OAuth realm="",'
* try the same curl command but remove the return characters, and it will work

the same behavior occurs when I strip out all proxy, compression, and ssl and try to leave a very basic config file. here is some information about nginx:

# nginx -V
nginx version: nginx/0.6.34
built by gcc 4.2.4 (Ubuntu 4.2.4-1ubuntu3)
configure arguments: --sbin-path=/usr/sbin
--conf-path=/etc/nginx/nginx.conf
--pid-path=/var/run/nginx.pid --with-http_ssl_module
--with-http_stub_status_module
--add-module=/tmp/src/nginx/modules/nginx-upstream-fair

I'm a bit surprised that I'm seeing this, and while I'm starting to suspect nginx, I'm sure it is possible that I'm missing something. If this is a valid bug, let me know what you would like in terms of additional documentation, examples, etc.

thank you!
Adam
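
Added example, not part of the original post and not nginx's code: a simplified Python model of the two behaviours at play, a line-oriented parser that drops continuation lines (giving the truncated value reported above) and one that unfolds them into a single value as RFC 2616 section 4.2 allows. The request bytes are a constructed, shortened form of the curl call, and all function names are hypothetical.

```python
import re

# Constructed sample: a shortened form of the request the curl command in the
# post would produce, assuming curl sends the embedded newlines as bare LF.
RAW = (b"POST / HTTP/1.1\r\n"
       b"Host: your.server.com\r\n"
       b'Authorization: OAuth realm="",\n'
       b'    oauth_signature_method="HMAC-SHA1",\n'
       b'    oauth_token="some_token"\r\n'
       b"Content-Length: 0\r\n\r\n")

def header_lines(raw):
    """Return the header lines of a request, without the request line."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    return re.split(rb"\r?\n", head)[1:]

def split_field(line):
    name, _, value = line.partition(b":")
    return name.strip().lower().decode(), value.strip().decode()

def parse_no_folding(raw):
    """Hypothetical strict parser: a line starting with SP/HT is not a
    field line, so it is dropped and the value ends at the first line."""
    fields = {}
    for line in header_lines(raw):
        if line[:1] in (b" ", b"\t") or b":" not in line:
            continue
        name, value = split_field(line)
        fields[name] = value
    return fields

def parse_unfolding(raw):
    """Hypothetical lenient parser: each continuation line is appended to
    the previous field, with the line break and indent replaced by one SP."""
    fields, last = {}, None
    for line in header_lines(raw):
        if line[:1] in (b" ", b"\t"):
            if last is None:
                raise ValueError("continuation line before any field")
            fields[last] += " " + line.strip().decode()
        elif b":" in line:
            last, value = split_field(line)
            fields[last] = value
        else:
            raise ValueError("malformed header line")
    return fields

def unfold_value(value):
    """Sender-side fix from the post: remove the return characters."""
    return re.sub(r"[ \t]*\r?\n[ \t]+", " ", value)
```

Two hops that parse the same bytes differently will disagree on what the Authorization value is, which is why RFC 7230 section 3.2.4 later deprecated line folding; sending the value on one line, as `unfold_value` does, avoids the ambiguity.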