W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: Comments on the HTTP Sec-From Header (draft-abarth-origin)

From: Adam Barth <w3c@adambarth.com>
Date: Sun, 12 Jul 2009 10:43:21 -0700
Message-ID: <7789133a0907121043i5f226a53rc44d0188d76edf6a@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Ian Hickson <ian@hixie.ch>, collinj@cs.stanford.edu, HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Jul 12, 2009 at 1:48 AM, Mark Nottingham<mnot@mnot.net> wrote:
> If that's the case, you can just as easily define it as
>
> Sec-From: "a.com", "b.com"
>
> It's a minor point, but as an HTTP implementer, it's annoying to have yet
> another Header syntax floating around...

I'm confused.  Where did the quotes come from?  Also, my understanding
(which might well be wrong) is that defining the format using commas
requires servers to handle both the forms

Sec-From: http://a.com, http://b.com

and

Sec-From: http://a.com
Sec-From: http://b.com

because those two are equivalent.  The ordering of items in the header
is significant, so the above is not semantically equivalent to

Sec-From: http://b.com
Sec-From: http://a.com

Do other HTTP headers rely on ordering information between headers?
Put another way, are we guaranteed (and does it occur in practice)
that proxies won't re-order the headers?

The above considerations lead me to believe that using commas is just
inviting bugs for little gain.

Adam
Received on Sunday, 12 July 2009 17:44:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:07 GMT