Header values with commas

Question

According to the HTTP specs a header can look like this:

Header-Name=value1,value2,value3,...

I try to parse the header values and store them as an array:

array('value1', 'value2', 'value3')

so far so good. I can just tokenize the string if a comma appears.

BUT how should I handle headers like this one:

Expires=Thu, 01 Dec 1994 16:00:00 GMT

there's a comma but in the one value the header has. Oh that's easy I thought and figuered out the rule: Only separate by commas when there's no space before and after the comma. This way both examples get parsed correct.

BUT then I came across a header like this:

Accept-Encding=gzip, deflate

and now? Is this one value array('gzip, deflate') or two values array('gzip', 'deflate')? For me they are two separate values but then my rule from the above isn't true anymore.

Is there a list which headers are allowed more than once? So I can check against a blacklist to determine if the comma means a value delimiter or not?

Answer 1

Comma concatenation can occur for any header field, even those that aren't designed for it; it's how libraries and intermediaries happen to work.

It is designed to be used for header fields that use list syntax (RFC 7230 has all the details).

Finally, you can't use generic code to tokenize, because the way the comma can occur inside values varies from field to field.