httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: svn commit: r1764961 - in /httpd/httpd/trunk: docs/manual/mod/core.xml modules/http/http_filters.c server/core.c server/gen_test_char.c server/protocol.c server/util.c
Date Mon, 17 Oct 2016 18:48:56 GMT
> On Oct 15, 2016, at 2:10 AM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
> 
> On Sat, Oct 15, 2016 at 3:54 AM, William A Rowe Jr <wrowe@rowe-clan.net <mailto:wrowe@rowe-clan.net>>
wrote:
> On Fri, Oct 14, 2016 at 4:44 PM, Roy T. Fielding <fielding@gbiv.com <mailto:fielding@gbiv.com>>
wrote:
> Right, though several people have requested it now as errata. Seems likely to be in the
final update for STD.
> 
> In the HttpProtocolOptions Unsafe mode, it is tolerated.
> 
> Should it be the proper 'Strict' behavior to parse (never generate) such noise? 
> 
> FWIW, I see very little harm in potentially unsafe chunk headers because
> it becomes a serious chore to inject between alternating \r-only vs \n-only 
> vs space trailing chunk headers. I'm not suggesting it can't be done, but
> most requests-with-body are intrinsically not idempotent, so one must be
> extremely clever to affect cache history. 
> 
> But it isn't impossible, so if the editors follow the way of BWS vs. follow 
> the absolute explicit statements about HTTP request field names and
> the trailing ':', I'd be somewhat disappointed. Tighten ambiguity where
> there was little ambiguity before. Make explicit the real ambiguity for
> all user-agents and servers to implement. /shrug.

We tried.  People complained.

In any case, BWS only includes *( SP / HTAB ).  Not much ambiguity there.

....Roy


Mime
View raw message