W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: [#95] Multiple Content-Lengths

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 22 Sep 2010 21:28:24 +0200
Message-ID: <4C9A58D8.4050607@gmx.de>
To: Adam Barth <w3c@adambarth.com>
CC: "Roy T. Fielding" <fielding@gbiv.com>, "William Chan (陈智昌)" <willchan@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>
On 22.09.2010 20:57, Adam Barth wrote:
> On Wed, Sep 22, 2010 at 5:19 AM, Julian Reschke<julian.reschke@gmx.de>  wrote:
>> On 21.09.2010 07:37, Roy T. Fielding wrote:
>>> On Sep 20, 2010, at 10:28 PM, William Chan (陈智昌) wrote:
>>>>   From the brief discussion amongst the Chrome network developers, we plan
>>>> to discard the response and display an error.
>>>
>>> Thank you.  That is a very sensible solution and I am more
>>> than happy to spec it that way if we can get rough consensus
>>> (and hopefully some running code).
>>
>> I just did a few tests with current versions IE/FF/Op/Saf/Chrome.
>>
>> Observations:
>>
>> 1) some pick the first Content-Length header (Op/Chr/Saf/IE), FF picks the
>> second
>
> Did you test with three Content-Length headers?  I suspect FF is using

No.

> the last header (not the second) because that's what they usually do.

I agree that this is the likely reason.

> IE usually uses the first header, so that's not surprising.  Chrome
> usually matches Firefox (in using the last header), so there might be
> some specific reason it uses the first one here.  We could ask Darin
> whether he had a specific reason.

My wild guess is: it doesn't matter. Either there's no content out there 
relying on this, or both variations exist, and one approach breaks one 
kind, and the other approach breaks the other kind.

>> 2) some close the connection (Op/IE), some do not
>>
>> 3) most parse multiple lenghts in a single header just like multiple
>> headers, except for FF which then ignores the header and reads until EOF
>>
>> 4) all are ok with multiple header instances having the same value
>
> This sounds worth adding to the spec.  There isn't a security problem
> if all the headers agree.

Agreed, but it makes the spec more complex, and it's not sure whether 
it's worth the special case (that's why statistical data would be useful).

>> I think this is good news in that there's no interop for broken messages,
>> thus whatever we decide to do is unlikely to break existing content.
>
> I wouldn't necessarily draw that conclusion from the data above.  The
> fact that Chrome matches IE here instead of Firefox is a hint that
> there might be something more going on.

Well, you could ask.

On the other hand, has anybody complained that FF's behavior breaks 
anything?

Best regards, Julian
Received on Wednesday, 22 September 2010 19:29:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT