CRLF is obsolete and should be abolished

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • ASP.NET Core

    ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.

    > I'm hoping this is satire.

    Me too. It's one thing to accept single LFs in protocols that expect CRLF, but sending single LFs is a bridge to far in my opinion. I'm really surprised most of the other replies to your comment currently seem to unironically support not complying with well-established protocol specifications under the misguided notion that it will somehow make things "simpler" or "easier" for developers.

    I work on Kestrel which is an HTTP server for ASP.NET Core. Kestrel didn't support LF without a CR in HTTP/1.1 headers [until .NET 7](https://github.com/dotnet/aspnetcore/pull/43202). Thankfully, I'm unaware of any widely used HTTP client that even supports sending HTTP/1.1 requests without CRLF header endings, but we did eventually get reports of custom clients that used only LFs to terminate headers.

    I admit that we should have recognized a single LF as a line terminator instead of just CRLF from the beginning like the spec suggests, but people using just LF instead of CRLF in their custom clients certainly did not make things any easier or simpler for me as an HTTP server developer. Initially, we wanted to be as strict as possible when parsing request headers to avoid possible HTTP request smuggling attacks. I don't think allowing LF termination really allows for smuggling, but it is something we had to consider.

    I do not support even adding the option to terminate HTTP/1.1 request/response headers with single LFs in HttpClient/Kestrel. That's just asking for problems because it's so uncommon. There are clients and servers out there that will reject headers with single LFs while they all support CRLF. And if HTTP/1.1 is still being used in 2050 (which seems like a safe bet), I guarantee most clients and servers will still use CRLF header endings. Having multiple ways to represent the exact same thing does not make a protocol simpler or easier.

  • CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo
  • chars

    Determine and detect the end-of-line format, tabs, bom, and nul characters

    I wrote a command line program to determine/detect the end-of-line format, tabs, bom, and nul characters

    https://github.com/jftuga/chars

    Stand-alone binaries are provided for all major platforms.

  • llvm-project

    The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.

    https://llvm.org/

  • caniuse

    Raw browser/feature support data from caniuse.com

    https://caniuse.com/

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Intermediate Go Projects

    5 projects | dev.to | 10 Jun 2024
  • Asynchronous Programming in C#

    9 projects | news.ycombinator.com | 30 Apr 2024
  • Have anyone implemented their own GetAwaiter()?

    3 projects | /r/dotnet | 17 Feb 2023
  • Is it possible to pass variables from PHP to a C# console app?

    2 projects | /r/csharp | 9 Jan 2023
  • What are the biggest reasons newcomers give up on OCaml?

    4 projects | /r/ocaml | 19 Dec 2022