httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 15861] - proxy MUST NOT forward hop-by-hop headers
Date Tue, 06 Jul 2004 05:46:21 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=15861>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=15861

proxy MUST NOT forward hop-by-hop headers





------- Additional Comments From coad@measurement-factory.com  2004-07-06 05:46 -------
Definitions, like the hop-by-hop definition you quoted from, are usually implicit MUST-level
requirements. While it is unfortunate that those definitions are not explicit MUSTs, they
have MUST-level force because violating them (e.g., forwarding hop-by-hop headers) would break
other MUSTs or core protocol logic. Here are a few RFC 2616 quotes that illustrate why stripping
hop-by-hop headers is a MUST:

      When a cache is semantically transparent, the client
      receives exactly the same response (except for hop-by-hop headers)
      that it would have received had its request been handled directly
      by the origin server.

(i.e., if a cache does not strip hop-by-hop headers, it is not a semantically transparent
cache)

   Other hop-by-hop headers MUST be listed in a Connection header,
   (section 14.10) to be introduced into HTTP/1.1 (or later).

(and deleting headers listed in Connection is an explicit MUST)

   However, the Expect
   request-header itself is end-to-end; it MUST be forwarded if the
   request is forwarded.

(i.e., if a request header is not forwarded, it is a hop-by-hop header because all non-end-to-end
headers are hop-by-hop, by definition)

   The Connection general-header field allows the sender to specify
   options that are desired for that particular connection and MUST NOT
   be communicated by proxies over further connections.

(if Connection, which is a hop-by-hop header, is forwarded, the above MUST
would make no sense and would be violated)

You can see definitions of other explicit hop-by-hop headers (e.g., Upgrade) for more examples.

However, at the end of the day, it is your judgment call. Co-Advisor 
equates "are not forwarded by proxies" to a MUST. You do not have to.
We may seek more authoritative opinion from the HTTP WG mailing list.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message