httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: svn commit: r1764961 - in /httpd/httpd/trunk: docs/manual/mod/core.xml modules/http/http_filters.c server/core.c server/gen_test_char.c server/protocol.c server/util.c
Date Sat, 15 Oct 2016 09:10:06 GMT
On Sat, Oct 15, 2016 at 3:54 AM, William A Rowe Jr <wrowe@rowe-clan.net>
wrote:

> On Fri, Oct 14, 2016 at 4:44 PM, Roy T. Fielding <fielding@gbiv.com>
> wrote:
>
>> Right, though several people have requested it now as errata. Seems
>> likely to be in the final update for STD.
>>
>
> In the HttpProtocolOptions Unsafe mode, it is tolerated.
>
> Should it be the proper 'Strict' behavior to parse (never generate) such
> noise?
>

FWIW, I see very little harm in potentially unsafe chunk headers because
it becomes a serious chore to inject between alternating \r-only vs \n-only
vs space trailing chunk headers. I'm not suggesting it can't be done, but
most requests-with-body are intrinsically not idempotent, so one must be
extremely clever to affect cache history.

But it isn't impossible, so if the editors follow the way of BWS vs. follow
the absolute explicit statements about HTTP request field names and
the trailing ':', I'd be somewhat disappointed. Tighten ambiguity where
there was little ambiguity before. Make explicit the real ambiguity for
all user-agents and servers to implement. /shrug.

Cheers,

Bill

Mime
View raw message