W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: The use of trailers

From: Adrien de Croy <adrien@qbik.com>
Date: Wed, 30 May 2007 09:28:06 +1200
Message-ID: <465C9AE6.3000605@qbik.com>
To: Henrik Nordstrom <henrik@henriknordstrom.net>
CC: 'HTTP Working Group' <ietf-http-wg@w3.org> 



Henrik Nordstrom wrote:
> ons 2007-05-30 klockan 09:07 +1200 skrev Adrien de Croy:
>
>   
>> I can still forsee some issues if headers like Content-Type are 
>> permitted in a trailer though.
>>     
>
> It is permitted, but no sane implementations should place it there, or
> need to place it there..
>   

That's an opportunity for another RFC perhaps - the "things should be 
sane" RFC :)

I see this more potentially as a possible exploit by rogue servers to 
bypass security etc.  e.g. porn sites or similar.

There aren't really that many response headers that it makes sense to 
base policy on, but Content-Type is a key one.

Regards

Adrien


> Regards
> Henrik
>
Received on Tuesday, 29 May 2007 21:27:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 6 June 2008 08:04:32 GMT