From 30a33e9a6e4fd40482222222d0dd4fca69f1b6b5 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Tue, 3 Sep 2024 19:10:29 +0200
Subject: [PATCH] Trailing space after value in header is fine This fixes #2466.
---
 testssl.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 3c9c2ad..0762546 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -2588,7 +2588,7 @@ match_ipv4_httpheader() {
 # Exclude some headers as they are mistakenly identified as ipv4 address. Issues #158, #323.
 # Also facebook used to have a CSP rule for 127.0.0.1
- headers="$(grep -Evai "$excluded_header" $HEADERFILE)"
+ headers="$(grep -Evai "$excluded_header" $HEADERFILE 2>/dev/null)"
 if [[ "$headers" =~ $ipv4address ]]; then
 pr_bold " IPv4 address in header "
 while read line; do
@@ -2736,6 +2736,8 @@ run_hsts() {
 # strict parsing now as suggested in #2381
 hsts_age_sec="${HEADERVALUE#*=}"
 hsts_age_sec=${hsts_age_sec%%;*}
+ # see #2466
+ hsts_age_sec=$(strip_trailing_space "$hsts_age_sec")
 if [[ $hsts_age_sec =~ \" ]]; then
 # remove first an last " in $hsts_age_sec (borrowed from strip_trailing_space/strip_leading_space):
 hsts_age_sec=$(printf "%s" "${hsts_age_sec#"${hsts_age_sec%%[!\"]*}"}")
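Review bot: The added `2>/dev/null` on the `grep` in match_ipv4_httpheader() discards every grep diagnostic, including an unreadable or missing `$HEADERFILE`, in which case `headers` is empty and the IPv4-in-header finding is silently skipped. The commit message only describes the HSTS change, so a comment naming what is being silenced would help, e.g. `# <expected grep warning> is harmless here; suppress it`. As the line is touched anyway, the file argument should be quoted: `headers="$(grep -Evai "$excluded_header" "$HEADERFILE" 2>/dev/null)"`. The function starts and ends outside the hunk, so an earlier check on the file may already cover the read-error case.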
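Review bot: Only trailing whitespace is removed from `hsts_age_sec`, and that happens before the quote stripping, so whitespace between `=` and the number, or inside the quotes, still reaches the later parsing unchanged. If those forms should be tolerated too, `hsts_age_sec=$(strip_leading_space "$(strip_trailing_space "$hsts_age_sec")")` would cover the leading case, assuming strip_leading_space takes its argument the same way; if they should stay rejected, the comment should say so. `# see #2466` alone forces a tracker lookup, whereas `# trailing space after the max-age value is fine, see #2466` records the intent in place. The rest of run_hsts(), including whatever validates the number, lies outside the hunk.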