W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

Re: what does "unrecognized header fields" mean?

From: Dave Kristol <dmk@bell-labs.com>
Date: Tue, 26 May 1998 14:41:25 -0400
Message-Id: <356B0CD5.2C60@bell-labs.com>
To: Ross Patterson <Ross_Patterson@ns.reston.vmd.sterling.com>
Cc: http-wg@cuckoo.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/139
Ross Patterson wrote:
> [...]
> The second point to make is that an empty REFERER: header is illegal.
> The BNF in section 14.36 reads:
>    "Referer        = "Referer" ":" ( absoluteURI | relativeURI )"
> There is a required value.  Surely the RFC can't make a normative
> statement expecting a compliant implementation to ignore mal-formed
> headers - that way would lie madness and miscommunication.

I don't think it's so crazy for an implementation to treat a malformed
header as though it were simply missing.  If the header is required for
proper interpretation of the request, then the request will fail.  If
the header is just optional fluff (User-Agent, Referer), then the
actually or implied missing header can be ignored, no harm done.

I agree that the empty Referer header violates the specified syntax. 
The question is, what should the recipient do about it?  A server could
parse all headers strictly according to the specified syntax and return
a 400 Bad Request response if it sees an error.  Or, it could adopt the
more common tolerant Internet behavior and ignore the malformed header.

I seem to have encountered, for the first time of which I'm aware, an
example of the former, and it surprised me.

Dave Kristol
Received on Tuesday, 26 May 1998 11:44:03 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:22 UTC