Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was surprised to read that this is actually a totally valid HTTP/1.1 application, according to the RFC. The only thing you need is the status line (http version, status code, status message, CRLF) and then the message body.

Things sure have come a long way.



It's neat, but I don't believe it is a compliant implementation of HTTP/1.1 (or 1.0). For example, it does not handle percent-encoded characters in the request URI.[1][2]

[1]: https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.1

[2]: https://www.w3.org/Protocols/HTTP/1.0/spec.html#Request-URI


Two CRLF pairs (one to terminate the status line, one to terminate the (empty) headers), which this is one CR short of. Trivially fixable, though it'd mess up the P slightly…


Thanks for noticing this, I fixed it on github. However, it seems that browsers are simply ignoring CRs. So that "\n\n" is enough.


Yeah, I would expect browsers to do a number of non-standard things. It is possible with most of them to construct & send malformed requests.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: