diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2019-08-05 09:45:23 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2019-08-06 00:08:14 +0200 |
| commit | a42b0957ab31c971a79bfe5542b3017fd834ac49 (patch) | |
| tree | c43f89dc79552d3255c2477037f246086e4b90d2 /docs | |
| parent | 4173868f663c6fe7ecd1ba2abab20381002adc6b (diff) | |
| download | curl-a42b0957ab31c971a79bfe5542b3017fd834ac49.tar.gz | |
http09: disable HTTP/0.9 by default in both tool and library
As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174. Now requires the option to be set to allow HTTP/0.9
responses.
Closes #4191
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/DEPRECATE.md | 15 | ||||
| -rw-r--r-- | docs/cmdline-opts/http0.9.d | 3 | ||||
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3 | 10 |
3 files changed, 6 insertions, 22 deletions
diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md index f04f0eeaa..4f4ef8ab6 100644 --- a/docs/DEPRECATE.md +++ b/docs/DEPRECATE.md @@ -5,21 +5,6 @@ email the curl-library mailing list as soon as possible and explain to us why this is a problem for you and how your use case can't be satisfied properly using a work around. -## HTTP/0.9 - -Supporting this is non-obvious and might even come as a surprise to some -users. Potentially even being a security risk in some cases. - -### State - -curl 7.64.0 introduces options to disable/enable support for this protocol -version. The default remains supported for now. - -### Removal - -The support for HTTP/0.9 will be switched to disabled by default in 6 months, -in the September 2019 release (possibly called curl 7.68.0). - ## PolarSSL The polarssl TLS library has not had an update in over three years. The last diff --git a/docs/cmdline-opts/http0.9.d b/docs/cmdline-opts/http0.9.d index 33fe72d18..7e783f696 100644 --- a/docs/cmdline-opts/http0.9.d +++ b/docs/cmdline-opts/http0.9.d @@ -10,5 +10,4 @@ HTTP/0.9 is a completely headerless response and therefore you can also connect with this to non-HTTP servers and still get a response since curl will simply transparently downgrade - if allowed. -A future curl version will deny continuing if the response isn't at least -HTTP/1.0 unless this option is used. +Since curl 7.66.0, HTTP/0.9 is disabled by default. diff --git a/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3 b/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3 index 3fa44993a..25520150f 100644 --- a/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3 +++ b/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -31,12 +31,12 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP09_ALLOWED, long allowed); Pass the long argument \fIallowed\fP set to 1L to allow HTTP/0.9 responses. A HTTP/0.9 response is a server response entirely without headers and only a -body, while you can connect to lots of random TCP services and still get a -response that curl might consider to be HTTP/0.9. +body. You can connect to lots of random TCP services and still get a response +that curl might consider to be HTTP/0.9! .SH DEFAULT -curl allows HTTP/0.9 responses by default. +curl allowed HTTP/0.9 responses by default before 7.66.0 -A future curl version will require this option to be set to allow HTTP/0.9 +Since 7.66.0, libcurl requires this option set to 1L to allow HTTP/0.9 responses. .SH PROTOCOLS HTTP |