From 48084d55f22905b308a1e58077f9138593da1d4c Mon Sep 17 00:00:00 2001
From: yhirose <yuji.hirose.bug@gmail.com>
Date: Mon, 10 Mar 2025 23:31:51 -0400
Subject: [PATCH] Fix #2096

---
 httplib.h    | 3 +++
 test/test.cc | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/httplib.h b/httplib.h
index 3b3beab..dfa6c0e 100644
--- a/httplib.h
+++ b/httplib.h
@@ -4170,6 +4170,9 @@ inline bool parse_header(const char *beg, const char *end, T fn) {
     p++;
   }
 
+  auto name = std::string(beg, p);
+  if (!detail::fields::is_field_name(name)) { return false; }
+
   if (p == end) { return false; }
 
   auto key_end = p;
diff --git a/test/test.cc b/test/test.cc
index fce0545..81a5e33 100644
--- a/test/test.cc
+++ b/test/test.cc
@@ -5156,6 +5156,14 @@ TEST(ServerRequestParsingTest, InvalidFieldValueContains_LF) {
   EXPECT_EQ("HTTP/1.1 400 Bad Request", out.substr(0, 24));
 }
 
+TEST(ServerRequestParsingTest, InvalidFieldNameContains_PreceedingSpaces) {
+  std::string out;
+  std::string request(
+      "GET /header_field_value_check HTTP/1.1\r\n  Test: val\r\n\r\n", 55);
+  test_raw_request(request, &out);
+  EXPECT_EQ("HTTP/1.1 400 Bad Request", out.substr(0, 24));
+}
+
 TEST(ServerRequestParsingTest, EmptyFieldValue) {
   std::string out;