Question
I had a problem with a custom HTTP SESSION_ID header not being transfered by nginx proxy.
I was told that underscores are prohibited according to the HTTP RFC.
Searching, I found that most servers like Apache or nginx define them as illegal in RFC2616 section 4.2, which says:
follow the same generic format as that given in Section 3.1 of RFC 822 [9]
RFC822 says:
The field-name must be composed of printable ASCII characters (i.e., characters that have values between 33. and 126., decimal, except colon)
Underscore is decimal character 95 in the ASCII table in the 33-126 range.
What am I missing?
Solution
They are not forbidden, it's CGI legacy. See "Missing (disappearing) HTTP Headers".
If you do not explicitly set
underscores_in_headers on;, nginx will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables, as both dashes and underscores are mapped to underscores during that process.
OTHER TIPS
Underscores in header fields are allowed per RFC 7230, sec. 3.2., but are uncommon.
https://stackoverflow.com/questions/22856136
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian