API Gateway: Whitespace in HTTP header name
search cancel

API Gateway: Whitespace in HTTP header name


Article ID: 207975


Updated On:


CA API Gateway


After upgrading the Layer7 infrastructure to version 9.4,  there is a scenario where the client application is making a call to Layer7 with the whitespace at the end of the http header name and Layer7 is dropping this header. However, the same header is accepted in version 9.1. Was this a new functionality or fix in version 9.4 that dropped the http header with a whitespace in the name? Is there any setting to temporarily allow whitespace in the http header name? 

correlationid :: 2ae1b12c-f0a5-4aba-99d8-05d20de3dee4


API Gateway: 9.2 CR09+


Per RFC7230:

"No whitespace is allowed between the header field-name and colon. In the past, differences in the handling of such whitespace have led to security vulnerabilities in request routing and response handling."

REF: https://tools.ietf.org/html/rfc7230#section-3.2.4

This was was implemented in GW 9.2 CR09. Any GW version prior to this accepts the whitespace.