Add workaround for noncompliant Content-Disposition headers.

Despite it not being allowed by RFC 6266, many servers send
`Content-Disposition` headers with a trailing `;`, including several major
content distribution networks. Add a check for a trailing semicolon in
`parse_content_disposition()` which will log a message at INFO level
for each offending URL and ignore the `;`.
pull/2153/head
Andrew Powers-Holmes 2023-12-10 21:46:11 +11:00
parent 5c87f1b7b6
commit 8f976f7264
1 changed files with 10 additions and 0 deletions

View File

@ -1245,6 +1245,16 @@ ssize_t parse_content_disposition(char* dest, size_t destlen,
*charsetp = nullptr;
*charsetlenp = 0;
/*
* Ignore trailing ';' in Content-Disposition header; this is not
* compliant with RFC 6266, but many servers send it anyway (e.g. CloudFront)
*/
if (len > 0 && *eop == ';') {
A2_LOG_INFO("Non-compliant Content-Disposition header (trailing ';') - "
"will ignore it");
eop--;
}
for (; p != eop; ++p) {
switch (state) {
case CD_BEFORE_DISPOSITION_TYPE: