标头键值中的无效字符

HTTP/2 实现比 HTTP/1 实现更严格地处理 HTTP 标头名称和值中的无效字符。

标头字段名称不区分大小写，并严格作为小写字符串通过网络传输。 Node.js 提供的 API 允许将标头名称设置为混合大小写字符串（例如 Content-Type），但会在传输时将其转换为小写（例如 content-type）。

标头字段名称必须仅包含以下一个或多个 ASCII 字符：a-z、A-Z、0-9、!、#、$、%、&、'、*、+、-、.、^、_、` （反引号）、|、以及 ~。

在 HTTP 标头字段名称中使用无效字符将导致流关闭并报告协议错误。

根据 HTTP 规范的要求，标头字段值的处理更为宽松，但不应包含换行符或回车符，并且应仅限于 US-ASCII 字符。

The HTTP/2 implementation applies stricter handling of invalid characters in HTTP header names and values than the HTTP/1 implementation.

Header field names are case-insensitive and are transmitted over the wire strictly as lower-case strings. The API provided by Node.js allows header names to be set as mixed-case strings (e.g. Content-Type) but will convert those to lower-case (e.g. content-type) upon transmission.

Header field-names must only contain one or more of the following ASCII characters: a-z, A-Z, 0-9, !, #, $, %, &, ', *, +, -, ., ^, _, ` (backtick), |, and ~.

Using invalid characters within an HTTP header field name will cause the stream to be closed with a protocol error being reported.

Header field values are handled with more leniency but should not contain new-line or carriage return characters and should be limited to US-ASCII characters, per the requirements of the HTTP specification.