From f0ceb191cebbbf5b787a77285d575972d2b61bfa Mon Sep 17 00:00:00 2001
From: mmustafasenoglu <mmustafasenoglu0@gmail.com>
Date: Tue, 23 Jun 2026 23:35:48 +0300
Subject: [PATCH] fix: reject @ character in header names

Remove the exception that allowed '@' character in header names.
According to RFC 9110 Section 5.1, header field names must consist
only of tchar characters, and '@' is not a valid tchar.

The previous fix for INKqa09141 incorrectly allowed '@' in header
names. This patch removes that exception and adds a comment explaining
the RFC requirement.

Fixes #12082
---
 src/proxy/hdrs/MIME.cc | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/proxy/hdrs/MIME.cc b/src/proxy/hdrs/MIME.cc
index f8e25de040b..70b4ed822c6 100644
--- a/src/proxy/hdrs/MIME.cc
+++ b/src/proxy/hdrs/MIME.cc
@@ -2426,12 +2426,11 @@ mime_parser_parse(MIMEParser *parser, HdrHeap *heap, MIMEHdrImpl *mh, const char
     /////////////////////////////////////////////
 
     /**
-     * Fix for INKqa09141. The is_token function fails for '@' character.
-     * Header names starting with '@' signs are valid headers. Hence we
-     * have to add one more check to see if the first parameter is '@'
-     * character then, the header name is valid.
+     * RFC 9110 Section 5.1: Header field names must consist only of
+     * tchar characters. The '@' character is not a valid tchar, so
+     * header names containing '@' should be rejected as invalid.
      **/
-    if ((!ParseRules::is_token(*parsed)) && (*parsed != '@')) {
+    if (!ParseRules::is_token(*parsed)) {
       continue; // toss away garbage line
     }