From mboxrd@z Thu Jan 1 00:00:00 1970 Delivered-To: chneukirchen@gmail.com Received: by 10.25.16.234 with SMTP id 103csp46790lfq; Tue, 10 May 2016 22:04:54 -0700 (PDT) X-Received: by 10.129.83.213 with SMTP id h204mr552378ywb.276.1462943094292; Tue, 10 May 2016 22:04:54 -0700 (PDT) Return-Path: Received: from mail-yw0-x23f.google.com (mail-yw0-x23f.google.com. [2607:f8b0:4002:c05::23f]) by mx.google.com with ESMTPS id a62si913621ywb.70.2016.05.10.22.04.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 May 2016 22:04:54 -0700 (PDT) Received-SPF: pass (google.com: domain of rack-devel+bncBD4PTDWJVIEBB5H2ZK4QKGQET2X2HOA@googlegroups.com designates 2607:f8b0:4002:c05::23f as permitted sender) client-ip=2607:f8b0:4002:c05::23f; Authentication-Results: mx.google.com; dkim=pass header.i=@googlegroups.com; spf=pass (google.com: domain of rack-devel+bncBD4PTDWJVIEBB5H2ZK4QKGQET2X2HOA@googlegroups.com designates 2607:f8b0:4002:c05::23f as permitted sender) smtp.mailfrom=rack-devel+bncBD4PTDWJVIEBB5H2ZK4QKGQET2X2HOA@googlegroups.com Received: by mail-yw0-x23f.google.com with SMTP id v81sf4768200ywa.0; Tue, 10 May 2016 22:04:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20120806; h=sender:date:from:to:subject:message-id:mime-version :content-disposition:x-original-sender :x-original-authentication-results:reply-to:precedence:mailing-list :list-id:x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=d7u+GAw8NhjewsQ1t6CkuNuyUjsQjo/iTdQNnkJFI7U=; b=fxfh2Qj/7KgODCrtp0nN7bJ9h+4TYgaqVYa0F4CDWO46NAUVwvaT/iriGpHgR+6xMj fNS5pwlE2cAYdh05+RZcFKH8sfgijvPWUtqkGSfX+tdMsOMEAOklyPyF9JyGzrojN02I DzlWJ2OyeFsR70DvCHbnMMI9c1IdcPjV8VmDMgj0j6cM5qZ8jhDrBKN1UVfYEW/pgkj9 xWLHvUB7PgYkCvEkA2lauQAMTAGk6HDrj1xmxXT6aHGbqA/vwwAGDSKGQAQR2IOxbIxo FwaWSf1k3p64Wo2nbz3ETqT+N5dtFDrgDrb2BS7xGkuRJ9OkWDgAYnPcVUvBUMntyaKc fQjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=sender:x-gm-message-state:date:from:to:subject:message-id :mime-version:content-disposition:x-original-sender :x-original-authentication-results:reply-to:precedence:mailing-list :list-id:x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=d7u+GAw8NhjewsQ1t6CkuNuyUjsQjo/iTdQNnkJFI7U=; b=DKnrAY2vS7UlGhiAyIpivIGyKVWxpZAK3ZCbCNl9WJvZCipff6mDHkQFFn/recuVsU 7ZKCbVMgKmTpd1EvUfwHihPRUZhKN9oZ9heAJuy4n8YNndQvusgSCcB/mmBz0SbKhpMq fQSqkXUtu6ReM1KaWLxantIpxLoWPicybZ9pLrcfsOyxaCgSdayLfpVC/8xvr92q6gVL qtUz5K4GqwLroMhKDOBsnOdiAphjHLFToGFNiCCOwbfeGQj6MGJ4LYmfLDltCzXbIux4 wZe/ZLZL6Pn6Y5eOYqSZ1bVnFsNH5jzFv8Rzb9xbGSvcjLVnEwu1hzrw4pE8EYfJK8VC tPLw== Sender: rack-devel@googlegroups.com X-Gm-Message-State: AOPr4FVrP1c25N/uqAwWBd1wyLUCgWFY5TkvNI6ohFi+5GMUgyZlXYUbvpoJEIlWWp0nuA== X-Received: by 10.157.8.54 with SMTP id 51mr8992oty.13.1462943093724; Tue, 10 May 2016 22:04:53 -0700 (PDT) X-BeenThere: rack-devel@googlegroups.com Received: by 10.157.16.42 with SMTP id h39ls270928ote.90.gmail; Tue, 10 May 2016 22:04:52 -0700 (PDT) X-Received: by 10.157.2.72 with SMTP id 66mr904161otb.31.1462943092659; Tue, 10 May 2016 22:04:52 -0700 (PDT) Received: from dcvr.yhbt.net (dcvr.yhbt.net. [64.71.152.64]) by gmr-mx.google.com with ESMTPS id 17si991392pfw.0.2016.05.10.22.04.52 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 May 2016 22:04:52 -0700 (PDT) Received-SPF: pass (google.com: domain of e@80x24.org designates 64.71.152.64 as permitted sender) client-ip=64.71.152.64; Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 5DDBA20D58; Wed, 11 May 2016 05:04:51 +0000 (UTC) Date: Wed, 11 May 2016 05:04:51 +0000 From: Eric Wong To: rack-devel@googlegroups.com Subject: rack.hijack response header check is case-insensitive? Message-ID: <20160511050451.GA23544@dcvr.yhbt.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline X-Original-Sender: e@80x24.org X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of e@80x24.org designates 64.71.152.64 as permitted sender) smtp.mailfrom=e@80x24.org Reply-To: rack-devel@googlegroups.com Precedence: list Mailing-list: list rack-devel@googlegroups.com; contact rack-devel+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: rack-devel@googlegroups.com X-Google-Group-Id: 486215384060 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , The following snippet in lib/rack/handler/webrick.rb seems to imply case-insensitivity by downcasing the comparison to RACK_HIJACK (defined as "rack.hijack" in lib/rack.rb): status, headers, body = @app.call(env) begin res.status = status.to_i headers.each { |k, vs| next if k.downcase == RACK_HIJACK if k.downcase == "set-cookie" res.cookies.concat vs.split("\n") else But I don't see SPEC mentioning case-insensitivity regarding "rack." stuff... Then a few lines down in the same method, it does this: io_lambda = headers[RACK_HIJACK] But the server handler has no idea if "headers" here is the case-insensitive Rack::Utils::HeaderHash or not. Actually, SPEC does not even require response headers to respond to a #[] method, only #each. I'm pretty sure it's not a real problem, since I doubt anybody would want to capitalize anything starting with "rack.*". At least I really hope not; one of the reasons I love Ruby is capitalization is uncommon. CamelCaseMakesMyEyesBleed :*< -- --- You received this message because you are subscribed to the Google Groups "Rack Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/d/optout.