SOH char in http response causes ServerProtocolViolation

When we make a request to our server, the response contains some headers. One of the headers is for cookies and contains the SOH (Start of heading, ascii code 1) char. This causes
System.Net.WebExceptionError getting response stream (ReadDone4): ServerProtocolViolation at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)HttpWebRequest.cs:944

After some reseaching, we found that the library code which causes the exception is this:

internal static bool IsHeaderValue (string value)
   // TEXT any 8 bit value except CTL's (0-31 and 127)
   //      but including \r\n space and \t
   //      after a newline at least one space or \t must follow
   //      certain header fields allow comments ()

   int len = value.Length;
   for (int i = 0; i < len; i++) {   
    char c = value [i];
    if (c == 127)
     return false;
    if (c < 0x20 && (c != '\r' && c != '\n' && c != '\t'))
     return false; ////////////////////////////////////////////////////////////////// This is where the method returns false.
    if (c == '\n' && ++i < len) {
     c = value [i];
     if (c != ' ' && c != '\t')
      return false;

   return true;

We are using the Microsoft.Net.Http package and the requests and responses are handled this way:

HttpRequestMessage request = new HttpRequestMessage (HttpMethod.Get, string.Format
                ("{0}/PlatformUnixTimeGet", AppResources.WebApi));
HttpResponseMessageresponse = await httpClient.SendAsync (request);

Any ideas on how to fix this? If it was a pure C# application, we could set <httpWebRequest useUnsafeHeaderParsing="true" /> in a config file, but this is not the case. Our target platforms are iOS and Android.

Best Answer


  • AlexSSAlexSS USMember
    edited June 2016

    I am running into the same issue. We are using Incapsula's CDN and they sometimes include a SOH character in their response headers.

  • bcaceirobcaceiro PTMember ✭✭

    Any luck solving this issue?

  • IliaStoilovIliaStoilov USMember ✭✭

    @bcaceiro If you are using Incapsula, you should contact them and tell them to fix it.

Sign In or Register to comment.