https://redmine.ruby-lang.org/https://redmine.ruby-lang.org/favicon.ico?17113305112018-04-04T08:58:54ZRuby Issue Tracking SystemRuby master - Bug #14664: After upgrade to 2.4.4: header field value cannot include CR/LFhttps://redmine.ruby-lang.org/issues/14664?journal_id=713842018-04-04T08:58:54Znaruse (Yui NARUSE)naruse@airemix.jp
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Rejected</i></li></ul><p>It's from r61359 because HTTP doesn't allow CRLF in their header value.<br>
I think your application was silently broken from before.</p> Ruby master - Bug #14664: After upgrade to 2.4.4: header field value cannot include CR/LFhttps://redmine.ruby-lang.org/issues/14664?journal_id=713852018-04-04T09:13:02ZTietew (Toru Iwase)tietew@tietew.net
<ul></ul><p>Upgrade google-api-client gem to 0.20.0.<br>
cf. <a href="https://github.com/google/google-api-ruby-client/pull/648" class="external">https://github.com/google/google-api-ruby-client/pull/648</a></p> Ruby master - Bug #14664: After upgrade to 2.4.4: header field value cannot include CR/LFhttps://redmine.ruby-lang.org/issues/14664?journal_id=713962018-04-05T21:22:57Znormalperson (Eric Wong)normalperson@yhbt.net
<ul></ul><p><a href="mailto:naruse@airemix.jp" class="email">naruse@airemix.jp</a> wrote:</p>
<blockquote>
<p>It's from r61359 because HTTP doesn't allow CRLF in their header value.<br>
I think your application was silently broken from before.</p>
</blockquote>
<p>CRLF followed by leading-whitespace (LWS) should be allowed</p>
<p>"Host:\r\n\texample.com\r\n"<br>
"Host:\r\n example.com\r\n"</p>
<p>I think it's necessary for some base64-encoded proxy<br>
certificates embedded in headers</p>
<blockquote>
<p><a href="https://bugs.ruby-lang.org/issues/14664#change-71384" class="external">https://bugs.ruby-lang.org/issues/14664#change-71384</a></p>
</blockquote>