Search code examples
c++httphttp-status

HTTP Response Status-Line maximum size

Quick question - is there a maximum size for the Status-Line of a HTTP Response?

In the RFC I could not find this information, just something like this:

Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF

According to this i could assume:

  • HTTP-Version is usually 8 Bytes ( e.g. HTTP/1.1 )
  • Status-Code is 3 Bytes
  • 2 Spaces + CRLF is 4 Bytes
  • Reason-Phrase -> The longest according to the RFC is Requested range not satisfiable so 31 Bytes

This would be a sum of 46 Bytes.

Is this assumption correct or did I miss anything?

UPDATE:

Due to the answer below, I just want to specify my problem a bit:

I am parsing some kind of Log file with TCP messages from a server. Now there is some random Data I don't care for and some HTTP Messages which I want to read. Now all data I get I parse for a \r\n to find the Status Line. Since I need to make assumption that my header is split into several TCP packages I just buffer all data and parse it.

If there is no maximum size for the header status-line, I need to buffer all data until the next \r\n occurs. In the worst case this means I save like kilobytes over kilobytes of random data, since it could ( but will most likely will not ) be part of the Header Status Line.

Or would it , in this case, be rather appropriate to parse for the HTTP Version String instead of the CRLF ?

Solution

  • RFC 2616, 6.1.1:

    The reason phrases listed here are only recommendations -- they MAY be replaced by local equivalents without affecting the protocol.

    Aside from this, the HTTP protocol is "allowed" to add more status codes (in a new RFC) without changing the HTTP version to 1.2, provided that the new codes don't introduce additional requirements on HTTP clients. Clients are supposed to treat an unknown status code as if it were x00 (where x is the first digit of the code they get, indicating the category of response), except that they shouldn't cache the response.

    So the only limit is the max length of an HTTP header line or of the response headers in total. As far as I can see, the RFC doesn't define any limit, although specific servers impose their own.

    What you can be sure of is that the user-agent may ignore the Reason Phrase entirely. So if it's big, you can read it in small pieces and throw them away one at a time until you reach CRLF. If you want to display a human-readable message, mostly you can use the recommended Reason Phrase for the status code that the server provides, regardless of what Reason Phrase the server sends.