W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2007

Re: NEW ISSUE: repeating non-list-type-headers

From: Jamie Lokier <jamie@shareable.org>
Date: Tue, 20 Nov 2007 16:00:53 +0000
To: Julian Reschke <julian.reschke@gmx.de>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20071120160053.GA20642@softmodem.org>

Julian Reschke wrote:
> Now this seems to be kind of backwards, wouldn't it be *much* clearer if 
> it said:
> 
>    Multiple message-header fields with the same field-name MUST NOT be
>    present in a message unless the entire field-value for that
>    header field is defined as a comma-separated list [i.e., #(values)].

It would be clearer, but it would clash with reality.  All web servers
and web clients use Set-Cookie, which is prohibited by that.

I think it's important to acknowledge that Set-Cookie is still around,
and all public web servers and clients must deal with it in practice
(if they support cookies).

> That being said, do we have a recommendation for recipients when that 
> requirement is violated? I would assume that servers SHOULD return a 400 
> (Bad Request), but what about clients?

An HTTP agent's implementation _ought_ to be able to parse the headers
into a name->value dictionary, concatenating any multiple values for
the same field-name with ", " between them, with the practical
exception of Set-Cookie, for which a list must be kept separately.

Some servers and clients are implemented like that, and they are fine.

The module responsible for parsing headers generally doesn't have a
list of the syntaxes of each header type, and such a list would be
difficult to obtain because of application-specific headers which may
be different for different resources on the same server.

Hence the open-endedness of the text you focused on in RFC 2616, I guess.

-- JAmie
Received on Tuesday, 20 November 2007 16:00:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:23 GMT