为什么 HTTP 服务器禁止在 HTTP 头名中使用下划线

我有一个自定义的 HTTPSESSION_ID报头问题不是由 nginx 代理传输的。

我被告知，根据 HTTP RFC，下划线是被禁止的。

通过搜索，我发现大多数像阿帕奇人或者 Nginx这样的服务器在 RFC2616第4.2节中将它们定义为非法，它们说:

遵循与 RFC 822[9]第3.1节中给出的通用格式相同的格式

RFC822 说:

字段名必须由可打印的 ASCII 字符组成 (即值在33. 和126之间的字符, 十进制，冒号除外)

下划线是 ASCII 表中33-126范围内的十进制字符95。

我错过了什么？

40921 次浏览

小开

最佳答案

They are not forbidden, it's CGI legacy. See "Missing (disappearing) HTTP Headers".

If you do not explicitly set underscores_in_headers on;, nginx will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables, as both dashes and underscores are mapped to underscores during that process.

小开

Underscores in header fields are allowed per RFC 7230, sec. 3.2., but are uncommon.