On Wed, Apr 02, 2025 at 03:55:08PM +0200, Nicolas George wrote: > debian-u...@howorth.org.uk (HE12025-04-02): > > Well, practically it makes no difference. If I send with or without an > > HTTP version I get the same Bad Request response. And it makes no > > difference whether I use HTTP/1.0 or HTTP/1.1. > > Does it make a difference if you send CRLF instead of LF, as Tomas > mentioned? For that, you would need to hit ctrl-enter and see ^M in the > terminal, each time before you hit enter.
To be fair, I said that most web servers are lenient. The RFCs state CRLF, though. I've been immersed in $DAYJOB, so I haven't been paying very close attention, but my impression was that the problem is solved? FWIW, my local web server, a lighttpd, responds also with a "400 Bad Request" to a "GET /" without a version. Some randomly tested hosts "out there" sometimes play along, sometimes not. And oh, telnet converts the LFs to CRLFs. With nc (which doesn't translate), LFs alone also elicit a Bad Request (again, on my local lighttpd instance). Cheers -- t
signature.asc
Description: PGP signature
