W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: Comments on the HTTP Sec-From Header (draft-abarth-origin)

From: Adam Barth <w3c@adambarth.com>
Date: Sun, 12 Jul 2009 01:03:59 -0700
Message-ID: <7789133a0907120103o2255a3efk1b98edc5fd379d56@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Ian Hickson <ian@hixie.ch>, collinj@cs.stanford.edu, HTTP Working Group <ietf-http-wg@w3.org>
On Sat, Jul 11, 2009 at 6:01 PM, Mark Nottingham<mnot@mnot.net> wrote:
> On 09/07/2009, at 3:58 PM, Adam Barth wrote:
>>> * The header field-value is defined as containing LWS characters. There
>>> isn't a reference for that rule, and FYI that form is being deprecated by
>>> HTTPbis; it would probably be better to say one or more whitespace
>>> characters. Another option would be to make it a comma-separated list, to
>>> pull it in line with the definitions of other HTTP headers.
>>
>> My understanding is that using a comma-separated list would change the
>> semantics because of header coalescing.
>
> How so? I.e., does this:
>
> Sec-From: a.com b.com, c.com d.com
>
> place an semantic significance on the split between a/b and c/d?

I don't believe that header value is conforming, according to the
draft.  I can define the processing behavior, if you like.  I'd
probably define it to ignore everything after the comma (likewise,
ignore any Sec-From header after the first).

Adam
Received on Sunday, 12 July 2009 08:05:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:07 GMT