Spaces incorrectly allowed in header field names

[kenballus]

When cpp-httplib receives a request with a header name containing spaces, it allows the spaces to persist into the header name. This is invalid, because spaces are not permitted in header names.

This can be confirmed by

1. running a cpp-httplib server that echos header names (like this one),
2. sending it a request with spaces in a header name, and extracting the echoed header name:

printf 'GET / HTTP/1.1\r\n  Test: whatever\r\nHost: whatever\r\n\r\n' \
    | timeout 1 ncat --no-shutdown localhost 80 \
    | grep headers \
    | jq '.["headers"][1][0]' \
    | xargs echo \
    | base64 -d \
    | xxd

00000000: 2020 5465 7374                             Test

Note that the spaces are still there in the header name.

The correct behavior in this scenario is to reject the request with a 400.

[yhirose-jw]

@kenballus thanks for the report! By the way, cpp-httplib doesn't support obs-fold intentionally.

[kenballus]

Yep; modern servers have no need to support obs-fold.

I guess this is a more general issue, then. Spaces shouldn't be allowed in header field names. Title and content of report updated to match.