HTTP protocol violation errors in .NET 1.1 SP1

<< Windows Media Player 10 Available Now - Supports MSN Music Beta | Home | WS-Security and hashed password stores >>

Dare Obasanjo posts about a change in .NET 1.1 SP1 that can result in errors in RSS Bandit.

SP1 introduces new stricter parsing for the headers stored in a WebHeaderCollection. This was added as a security precaution and is of particular importance on servers. For example, Sanctum recently published a paper describing potential attacks on sites by sending badly formed headers in web requests. The new parser imposes a strict interpretation of RFC 2616.

As in Dare's case, it may be necessary to disable this new behaviour if you communicate with servers that do return invalid headers such as including spaces in header names. You do this by adding a new setting to the application .config file:

<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>

(See MSDN Product Feedback Center)

posted on Saturday, September 04, 2004 4:47 PM |

Comments have been closed on this topic.