W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: parsing decimals, was: HTTPbis -10 drafts published

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 15 Jul 2010 10:24:48 +1000
Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <A8B366AA-14A3-40F9-A167-202134303BA1@mnot.net>
To: Willy Tarreau <w@1wt.eu>

On 14/07/2010, at 7:41 PM, Willy Tarreau wrote:

> Well, one of the difficulties with HTTP is that no limit to anything
> is specified. That's what makes it that open, but also what causes
> so many arbitrary choices. I regularly hear questions such as "what's
> the max length a URL can take ?" or "what's the max length of a header ?".
> When I reply there's no such limit, people are embarrassed and have to
> resort to the "large enough" principle, which generally means using a
> type which can hold values that cannot be reached. I agree the spec
> cannot correct such behaviours, but when some things are well-known
> and some errors not uncommon, it does not cost much to help implementers
> not do the same mistakes again.

http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-10#section-4.1.2 :

>    HTTP does not place a pre-defined limit on the length of a request-
>    target.  A server MUST be prepared to receive URIs of unbounded
>    length and respond with the 414 (URI Too Long) status if the received
>    request-target would be longer than the server wishes to handle (see
>    Section 8.4.15 of [Part2]).
> 
>    Various ad-hoc limitations on request-target length are found in
>    practice.  It is RECOMMENDED that all HTTP senders and recipients
>    support request-target lengths of 8000 or more OCTETs.


Cheers,


--
Mark Nottingham     http://www.mnot.net/
Received on Thursday, 15 July 2010 00:25:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:23 GMT