Message212754
I worked out that the essence of the test is to insert an extra \n at the end of a GET request line. The request is syntactically invalid for HTTP. The \n\r\n appears like two blank lines, implying no headers, but the headers then follow where no data should be. The server is supposed to respond with status 501, because it does not, in fact, define a GET operation.
To find the replacement test plausible you have to accept that, with a server that doesn't define GET, the verb may as well be XYZBOGUS. Since the security filter doesn't understand that verb either (unlike GET), it doesn't interfere in the test. |
|
Date |
User |
Action |
Args |
2014-03-04 23:51:29 | jeff.allen | set | recipients:
+ jeff.allen, terry.reedy, orsenthil, fwierzbicki, ezio.melotti, r.david.murray, Claudiu.Popa |
2014-03-04 23:51:29 | jeff.allen | set | messageid: <1393977089.34.0.0764139163204.issue20155@psf.upfronthosting.co.za> |
2014-03-04 23:51:29 | jeff.allen | link | issue20155 messages |
2014-03-04 23:51:28 | jeff.allen | create | |
|