Re: Handling multiple headers when only one is allowed

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 09 Jun 2010 08:31:09 +0200
To: "HTTP Working Group" <ietf-http-wg@w3.org>, "Bil Corry" <bil@corry.biz>, "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Cc: "Michal Zalewski" <lcamtuf@google.com>, "Jeff Hodges" <Jeff.Hodges@kingsmountain.com>, "Adam Barth" <ietf@adambarth.com>
Message-ID: <op.vd0sd7je64w2qv@annevk-t60>

On Wed, 09 Jun 2010 02:48:20 +0200, Yngve N. Pettersen (Developer Opera  
Software ASA) <yngve@opera.com> wrote:
> Well, there is actually a fourth choice: Ask the user (Yes, I know, the  
> user will most likely know just as little as the client about what those  
> headers were intended to mean, and the opportunities for social  
> engineering attacks will be legion).

There's also a fifth. Based on implementation experience we can probably  
figure out what the scenario for headers should be. You might end up with  
special cases, but at least you know it can be implemented and you can  
give advice for future clients so they will no longer have to reverse  
engineer the market leader.

Anne van Kesteren
Received on Wednesday, 9 June 2010 06:32:10 UTC
