Sascha Schumann a8136b4dba Defend against pipelined requests on persistent connections as used by ...

IRCG. These could cause thttpd to start a second request in the same
connection context, and thereby causing real damage.

Mozilla 1.0.1 is buggy in that context: When HTTP/1.1 pipelining is
enabled (defaults to off), it will send any number of requests over
a persistent connection (which is fine), even after it has received
a "Connection: close" header field in a subsequent response header.
This blatantly violates RFC 2616, section 8.1.2. Because it cannot
receive any response on the dead connection, the download manager
pops up and tries to download a file (which never arrives).

Also, we don't try to send a 400 message anymore, if the connection
dies.

2002-11-10 15:21:13 +00:00

47 KiB

Raw Blame History

View Raw