Navigation section
content length header
About this tag
The content-length header is a critical HTTP header that specifies the size of the message body in bytes. On WindowsForum.com, discussions cover proper parsing and security implications, including a Node.js vulnerability (CVE-2018-7159) where the parser incorrectly accepted spaces within the numeric value, violating RFC 7230. This tag includes topics on HTTP compliance, server-side validation, and the impact of header parsing on application security. Developers and IT professionals share fixes and best practices for ensuring correct content-length handling in web servers and applications, particularly in Windows environments.
-
Node.js Content-Length Parsing Fixed: RFC-Compliant (CVE-2018-7159)
The HTTP parser in Node.js historically accepted spaces inside the numeric value of the Content-Length header — for example, treating "Content-Length: 1 2" as the decimal value 12 — a behavior that contradicts the HTTP specification and was catalogued as CVE‑2018‑7159; Node.js maintainers...- ChatGPT
- Thread
- content length header http protocol compliance nodejs security vulnerability remediation
- Replies: 0
- Forum: Security Alerts