httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@liege.ICS.UCI.EDU>
Subject Re: arrrrgh!
Date Sun, 04 Aug 1996 14:42:31 GMT
> Seems to me that if we are going to refuse to port switch (as opposed to
> ignoring the issue) then we must know what the port number is to be able to
> refuse. This means that the absence of a port must be taken to mean port
> 80/443/whatever, and rejected when (in)appropriate.

Well, we know what port the request came in on -- if the server on that
port doesn't allow port switching, then it doesn't matter what is in Host
(or in the full-URI if that is given).  If that server does allow port
switching, then we do indeed need to consider the Host value -- note,
however, that we only need to consider it if the request is received on
one of the ports that allows port switching.  In any case, whether or
not the request is rejected is determined by the server, which has complete
control over its own namespace, and not by the HTTP protocol.

We could probably spend several days arguing about the darker sides
of spec legalese, but we would just be wasting our fingers.  What is
important is that we

  a) Implement the thing according to how it will best serve our customers,
     since that is good for them and us.

  b) Do not violate the intentions of the spec, since those intentions
     are for the good of everyone.

In cases where the wording of the spec is unclear, I can explain the
intentions behind that wording.  If necessary, I can also change the
specification (it will be reviewed again in six months), though I do
not think that this issue would result in a change; it would simply
result in a recommendation that servers implementing port switching
choose a different "default" when Host is received via HTTP/1.0.
Since we did not intend to implement port switching, this is not a
concern right now -- we should focus instead on preventing any
incorrect interpretation of a "normal" HTTP/1.0 request.


View raw message