diff options
author | Eric Wong <e@80x24.org> | 2015-11-16 23:55:01 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2015-11-17 00:05:29 +0000 |
commit | 2cf1b3df5d58c716ada873f0ae7803142e3da362 (patch) | |
tree | a7d72b9f4a237cbd900c83ba8cf53fd8b1c23b1f /lib/unicorn | |
parent | f8d431040eb863b226ded089113340e68d598914 (diff) | |
download | unicorn-2cf1b3df5d58c716ada873f0ae7803142e3da362.tar.gz |
This blatantly violates Rack SPEC, but we've had this bug since March 2009[1]. Thus, we cannot expect all existing applications and middlewares to fix this bug and will probably have to support it forever. Unfortunately, supporting this bug contributes to application server lock-in, but at least we'll document it as such. [1] commit 1835c9e2e12e6674b52dd80e4598cad9c4ea1e84 ("HttpResponse: speed up non-multivalue headers") Reported-by: Owen Ou <o@heroku.com> Ref: <CAO47=rJa=zRcLn_Xm4v2cHPr6c0UswaFC_omYFEH+baSxHOWKQ@mail.gmail.com>
Diffstat (limited to 'lib/unicorn')
-rw-r--r-- | lib/unicorn/http_response.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/unicorn/http_response.rb b/lib/unicorn/http_response.rb index c1aa738..7b446c2 100644 --- a/lib/unicorn/http_response.rb +++ b/lib/unicorn/http_response.rb @@ -37,7 +37,7 @@ module Unicorn::HttpResponse # key in Rack < 1.5 hijack = value else - if value.include?("\n".freeze) + if value =~ /\n/ # avoiding blank, key-only cookies with /\n+/ value.split(/\n+/).each { |v| buf << "#{key}: #{v}\r\n" } else |