httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: HTTP/1.1 strict ruleset
Date Thu, 04 Aug 2016 00:12:55 GMT
> Well, is there any point of detailing the specific offending field names?
> The bad text received? To the consumer in the response error message,
> or strictly to the logs?

I don't think it's too important in the response.

> We should log (once) the cause of a 400, but are the details interesting?
> Or is it enough to report that a bad field name, a bad header value etc
> caused the fault without any sprintf() style processing?

Kind of difficult to talk about in the abstract. I can't say the cause
needs to be "clear" in the logs but I think the offending data (line
if it's line-based even if we could already be lost for bad input) and
some hint about what we were expecting or didn't like.

Mime
View raw message