From mboxrd@z Thu Jan 1 00:00:00 1970 Delivered-To: chneukirchen@gmail.com Received: by 10.25.16.234 with SMTP id 103csp47333lfq; Tue, 10 May 2016 22:06:30 -0700 (PDT) X-Received: by 10.157.14.1 with SMTP id c1mr641358otc.77.1462943190358; Tue, 10 May 2016 22:06:30 -0700 (PDT) Return-Path: Received: from mail-ob0-x23d.google.com (mail-ob0-x23d.google.com. [2607:f8b0:4003:c01::23d]) by mx.google.com with ESMTPS id ej4si711726oeb.42.2016.05.10.22.06.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 May 2016 22:06:30 -0700 (PDT) Received-SPF: pass (google.com: domain of rack-devel+bncBD75LW742ECRBVP3ZK4QKGQEPZEX4DI@googlegroups.com designates 2607:f8b0:4003:c01::23d as permitted sender) client-ip=2607:f8b0:4003:c01::23d; Authentication-Results: mx.google.com; dkim=pass header.i=@googlegroups.com; dkim=pass header.i=@gmail.com; spf=pass (google.com: domain of rack-devel+bncBD75LW742ECRBVP3ZK4QKGQEPZEX4DI@googlegroups.com designates 2607:f8b0:4003:c01::23d as permitted sender) smtp.mailfrom=rack-devel+bncBD75LW742ECRBVP3ZK4QKGQEPZEX4DI@googlegroups.com; dmarc=pass (p=NONE dis=NONE) header.from=gmail.com Received: by mail-ob0-x23d.google.com with SMTP id yc3sf1311749obc.1; Tue, 10 May 2016 22:06:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20120806; h=sender:mime-version:in-reply-to:references:date:message-id:subject :from:to:x-original-sender:x-original-authentication-results :reply-to:precedence:mailing-list:list-id:x-spam-checked-in-group :list-post:list-help:list-archive:list-subscribe:list-unsubscribe; bh=yZGOgYZNlMmW9Ad83BGf2ySjZFthpQ6SCM0fx1Ye2lI=; b=nImpkpuTvJbPKfX4bGITQTf7EZyJEik/GDlV9yK4z9293Fp2GsB0CBZqwO5ZPC5HrZ q8dRA/7IhCf4tb53GGlJkTrMmM14931D15A9quWuutJIvkKxqYjNg+ud1KQPmRkKtyGB kKU/JETyjqawGau/I91ZsiJcJfc997qb5EX7/uzYr63Cwsa1jvWpRzbT4Lm4hGS6xjBl TNJZMXjGxogR/d4+K9IiBq9v2+Ew9NwKs0pu96EznHm8QvVBh518QeEzlte2ONzQrisQ dmL0fSvzPp5v3ItxB1xYNOg/MyqyL+twXkp6uFMmU+u1AOJbgs3KnByiHWm/AipezuEV /BhA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :x-original-sender:x-original-authentication-results:reply-to :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=yZGOgYZNlMmW9Ad83BGf2ySjZFthpQ6SCM0fx1Ye2lI=; b=RDG7gNqq+zHkwAyWbrrgKSpWwkUd3xYic6bLJDCg7OkyJ9c91XRmSmPspSS7x8nQgY WrsqecwKNtAdH5+Nmgz6TEQmlbjGjnW8kLGmAScLPmGFvWtt1U7ZT+sa/tf4WvPfdXoQ joiX9QIXxUM7CUM7SrqJipCjyn027w++zdqu5en6NCrN38Ctnq02hcsfuQl8pWo09Qa1 EKdaONoctmhd3QKyJBpQ+Joy58rD8ccWGpUII4FYlM08SuieRNscVlmE+lWPd3j+RFin 6x+NMKtTBSQUrfsL2UO/PBUdligiuw9PjI0JE3g6bMJqopEiIRZE+ulO/jQ9UECjRHov hI5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=sender:x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:x-original-sender :x-original-authentication-results:reply-to:precedence:mailing-list :list-id:x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=yZGOgYZNlMmW9Ad83BGf2ySjZFthpQ6SCM0fx1Ye2lI=; b=OLos5HIikEYTogpJ42o8PYYPpvCJ8yc9IZR5b1dQaMvHRLOjy1dtG/83Zvjz+88swQ MLFXiPwPupPn7ohZ6ZgqBUkMRPHxtDBREdJp6Wf4czgHnpL0HJxl3CEhCiCEHg7F1r7g XBJa/Wh6cgVBVBddTFmnBBH5Ab6oyoSk6rTOyVlOvlDGu6QwKDxYXVv2ztnHlDk+Qoh/ xj+2n5lFOe3Cdno4nxhoVM/yD2S78PNg+AsTa8qjKrS+js939xzv1aCjwl9CWKk37Lrl yaX2Yl2mvcBf1Gg6szxvVobC9kkScNMUEI2qRLDPslREVxw73m89xt4yqC3Shkf91zob pZqA== Sender: rack-devel@googlegroups.com X-Gm-Message-State: AOPr4FVkYI2vSq6HKxBhN130JA+VwLqXj42a0e7vVDL6KMps1X6Am/3ZLNlGwG6gbzZU7w== X-Received: by 10.50.98.70 with SMTP id eg6mr329857igb.4.1462943189879; Tue, 10 May 2016 22:06:29 -0700 (PDT) X-BeenThere: rack-devel@googlegroups.com Received: by 10.107.18.198 with SMTP id 67ls339257ios.76.gmail; Tue, 10 May 2016 22:06:29 -0700 (PDT) X-Received: by 10.66.25.199 with SMTP id e7mr933926pag.44.1462943189347; Tue, 10 May 2016 22:06:29 -0700 (PDT) Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com. [2607:f8b0:4001:c06::22c]) by gmr-mx.google.com with ESMTPS id hx10si1845466igb.0.2016.05.10.22.06.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 May 2016 22:06:29 -0700 (PDT) Received-SPF: pass (google.com: domain of jftucker@gmail.com designates 2607:f8b0:4001:c06::22c as permitted sender) client-ip=2607:f8b0:4001:c06::22c; Received: by mail-io0-x22c.google.com with SMTP id f89so41117899ioi.0 for ; Tue, 10 May 2016 22:06:29 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.107.160.5 with SMTP id j5mr1851113ioe.42.1462943189139; Tue, 10 May 2016 22:06:29 -0700 (PDT) Received: by 10.36.110.198 with HTTP; Tue, 10 May 2016 22:06:28 -0700 (PDT) Received: by 10.36.110.198 with HTTP; Tue, 10 May 2016 22:06:28 -0700 (PDT) In-Reply-To: <20160511050451.GA23544@dcvr.yhbt.net> References: <20160511050451.GA23544@dcvr.yhbt.net> Date: Tue, 10 May 2016 22:06:28 -0700 Message-ID: Subject: Re: rack.hijack response header check is case-insensitive? From: James Tucker To: Rack Development Content-Type: multipart/alternative; boundary=001a1140e8301db98b05328a0119 X-Original-Sender: jftucker@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com; spf=pass (google.com: domain of jftucker@gmail.com designates 2607:f8b0:4001:c06::22c as permitted sender) smtp.mailfrom=jftucker@gmail.com; dmarc=pass (p=NONE dis=NONE) header.from=gmail.com Reply-To: rack-devel@googlegroups.com Precedence: list Mailing-list: list rack-devel@googlegroups.com; contact rack-devel+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: rack-devel@googlegroups.com X-Google-Group-Id: 486215384060 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , --001a1140e8301db98b05328a0119 Content-Type: text/plain; charset=UTF-8 It is case sensitive. Would welcome a spec bug fix patch to declare it so. On May 10, 2016 10:04 PM, "Eric Wong" wrote: > The following snippet in lib/rack/handler/webrick.rb seems > to imply case-insensitivity by downcasing the comparison > to RACK_HIJACK (defined as "rack.hijack" in lib/rack.rb): > > status, headers, body = @app.call(env) > begin > res.status = status.to_i > headers.each { |k, vs| > next if k.downcase == RACK_HIJACK > > if k.downcase == "set-cookie" > res.cookies.concat vs.split("\n") > else > > But I don't see SPEC mentioning case-insensitivity regarding > "rack." stuff... > > Then a few lines down in the same method, it does this: > > io_lambda = headers[RACK_HIJACK] > > But the server handler has no idea if "headers" here is the > case-insensitive Rack::Utils::HeaderHash or not. Actually, > SPEC does not even require response headers to respond to a > #[] method, only #each. > > I'm pretty sure it's not a real problem, since I doubt anybody > would want to capitalize anything starting with "rack.*". > At least I really hope not; one of the reasons I love Ruby > is capitalization is uncommon. CamelCaseMakesMyEyesBleed :*< > > -- > > --- > You received this message because you are subscribed to the Google Groups > "Rack Development" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rack-devel+unsubscribe@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "Rack Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/d/optout. --001a1140e8301db98b05328a0119 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

It is case sensitive. Would welcome a spec bug fix patch to = declare it so.

On May 10, 2016 10:04 PM, "Eric Wong" = <e@80x24.org> wrote:
The following snippet in lib/rack= /handler/webrick.rb seems
to imply case-insensitivity by downcasing the comparison
to RACK_HIJACK (defined as "rack.hijack" in lib/rack.rb):

=C2=A0 =C2=A0 =C2=A0 =C2=A0 status, headers, body =3D @app.call(env)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 begin
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 res.status =3D status.to_i
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 headers.each { |k, vs|
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 next if k.downcase =3D=3D RACK_HI= JACK

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if k.downcase =3D=3D "set-co= okie"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 res.cookies.concat vs.spli= t("\n")
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 else

But I don't see SPEC mentioning case-insensitivity regarding
"rack." stuff...

Then a few lines down in the same method, it does this:

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 io_lambda =3D headers[RACK_HIJACK]

But the server handler has no idea if "headers" here is the
case-insensitive Rack::Utils::HeaderHash or not.=C2=A0 Actually,
SPEC does not even require response headers to respond to a
#[] method, only #each.

I'm pretty sure it's not a real problem, since I doubt anybody
would want to capitalize anything starting with "rack.*".
At least I really hope not; one of the reasons I love Ruby
is capitalization is uncommon.=C2=A0 CamelCaseMakesMyEyesBleed :*<

--

---
You received this message because you are subscribed to the Google Groups &= quot;Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to rack-d= evel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

---
You received this message because you are subscribed to the Google Groups &= quot;Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to rack-dev= el+unsubscribe@googlegroups.com.
For more options, visit http= s://groups.google.com/d/optout.
--001a1140e8301db98b05328a0119--