Generate a HttpException
when HttpHeaders.add(...)
encounters a negative or hexadecimal encoded content-length
. Currently both are acceptable.
Also, change non-numeric input to raise a HttpException
rather than a FormatException
so that a consistent Exception
is thrown.
RFC 7230 says that the production for content-length
is:
Content-Length = 1*DIGIT
So we are currently accepting invalid input that might cause clients/servers to misbehave.
The possibility of HttpHeaders.add(...)
throwing FormatException
is undocumented so (partially) consolidate to HttpException
(which is what is what is thrown for most parse failures).
This change does not break any Google tests.
Note that this does not change the semantics of the HttpHeaders.contentLength
property where a negative value means remove the header completely.
Users should not use HttpHeaders.add(...)
to set content-length
headers that are not allowed by the RFC.
Cheers,
Brian