In a multi-part form (i.e. Content-Type=multipart/form-data) is there an upper limit to the length of the boundary line that the HTTP server should accept?
As far as I can tell, the corresponding RFCs say 70 characters:
- RFC2616 (HTTP / 1.1), the section “3.7 Media Types”, says that the allowed types in the Content-Type header are defined by RFC1590 (media type registration procedure).
- RFC1590 updates RFC-1521 (MIME).
- RFC1521 says that the border "must be no more than 70 characters, not counting the two leading hyphens."
- The same text is also displayed in RFC2046 , which is supposedly obsolete by RFC1521 .
So, can I be sure that all major HTTP / 1.1 browsers adhere to this limit today? Are there any browsers (or other HTTP clients / libraries) that violate this limit?
Is there some other specification or general rule that I am missing that says the string will be shorter than 70 characters? In Chrome (ium) I get something like this: ----WebKitFormBoundaryLu4dNSGEhJZUgoe5which is obviously shorter than 70 characters.
I ask this question because my server is running in an environment with a limited amount of memory, so a "malloc buffer large enough to hold the entire header line" is not an ideal answer.