HTTP protocol violation errors in .NET 1.1 SP1

less than 1 minute read

Dare Obasanjo posts about a change in .NET 1.1 SP1 that can result in errors in RSS Bandit.

SP1 introduces new stricter parsing for the headers stored in a WebHeaderCollection. This was added as a security precaution and is of particular importance on servers. For example, Sanctum recently published a paper describing potential attacks on sites by sending badly formed headers in web requests. The new parser imposes a strict interpretation of RFC 2616.

As in Dare’s case, it may be necessary to disable this new behaviour if you communicate with servers that do return invalid headers such as including spaces in header names. You do this by adding a new setting to the application .config file:

<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net> 

(See MSDN Product Feedback Center)

Updated: