| commit | fddbfa6929569685bcb92f54f6938df97bccd575 | |
| author | Eric Wong <normalperson@yhbt.net> | |
| Wed, 6 Jan 2010 01:48:13 +0000 (5 17:48 -0800) | ||
| committer | Eric Wong <normalperson@yhbt.net> | |
| Wed, 6 Jan 2010 01:48:13 +0000 (5 17:48 -0800) | ||
| tree | 7246784f5b5bb620df7d69897ec7627ccb8812e0 | treesnapshot (tar.gz zip) |
| parent | d541fd3ee9aa4ddbc3b4f8a14bbea43de19a31d9 | commitdiff |
http_response: disallow blank, multi-value headers
The HeaderHash optimizations in Rack 1.1 interact badly with
Rails 2.3.5 (and possibly other frameworks/apps) which set
multi-value "Set-Cookie" headers without relying on the proper
methods provided by Rack::Utils.
While this is an issue with Rails not using properly, there
may be similar apps that make this mistake and Rack::Lint
does not guard against it.
Rack-ML-Ref: <20100105235845.GB3377@dcvr.yhbt.net>
The HeaderHash optimizations in Rack 1.1 interact badly with
Rails 2.3.5 (and possibly other frameworks/apps) which set
multi-value "Set-Cookie" headers without relying on the proper
methods provided by Rack::Utils.
While this is an issue with Rails not using properly, there
may be similar apps that make this mistake and Rack::Lint
does not guard against it.
Rack-ML-Ref: <20100105235845.GB3377@dcvr.yhbt.net>
| lib/rainbows/http_response.rb | diffblobblamehistory |