httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <>
Subject Re: StrictURI in the wild [Was: Backporting HttpProtocolOptions survey]
Date Wed, 14 Sep 2016 13:28:57 GMT
On Tue, Sep 13, 2016 at 5:07 PM, Jacob Champion <>

> On 09/13/2016 12:25 PM, Jacob Champion wrote:
>> What is this? Is this the newest "there are a bunch of almost-right
>> implementations so let's make yet another standard in the hopes that it
>> won't make things worse"? Does anyone know the history behind this spec?
> (My goal in asking this question is not to stare and point and laugh, but
> more to figure out whether we are skating to where the puck is going. It
> would be nice for users to know which specification StrictURI is being
> strict about.)

RFC3986 as incorporated by and expanded upon by reference in RFC7230.

IP, TCP, HTTP and it's data and framing are defined by the IETF. HTTP's
definition depends on the meaning of many things, including ASCII, URI
syntax, etc, see its table of citations. The things it depends on simply
can't be moving targets any more than those definitions that the TCP
protocol is dependant upon. The IETF process is to correct a broken
underlying spec with a newly revised spec subject to peer review, and
then update the consuming specs to leverage the changes in the
underlying, where necessary (in some cases the revised underlying
spec, once applied, has no impact on the consuming spec.)

HTML folks use URL's, and therefore forked the spec they percieved as
too rigid and inflexible. In fact, it wasn't, but it appears so if you read
spec as requiring -users- to -type- valid URI's, which was never the case.
Although it gets prickly if you consider handling badly authored href=
in html. HTML became a "living spec" subject to perpetual evolution;
this results in a state where all implementations are perpetually broken.
But the key take-away is that whattfwg URI does not and cannot
supercede RFC3986 for the purposes of RFC7230. Rather than improve
the underlying spec, the group decided to overlay an unrelated spec. does one
decent job explaining some of this. Google "URI whatwg vs. ietf" for
an excessively long list of references.

So in short, whatwg spec describes URI's anywhere someone wants
to apply their defintion; HTML5 is based upon this. The wire protocol
of talking to an http: schema server is defined by RFC7230, which
subordinates to the RFC3986 definition of a URI. How you choose to
apply these two specs depends on your position in the stack.

View raw message