W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2010

Re: repeated filename parameters, Re: Working Group Last Call: draft-ietf-httpbis-content-disp-02

From: Adam Barth <w3c@adambarth.com>
Date: Sat, 2 Oct 2010 14:48:40 -0700
Message-ID: <AANLkTimO2gmbYqDJfR6wkEpYr_y4AS3C9zkvJG+EvVbp@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Sat, Oct 2, 2010 at 11:24 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 02.10.2010 18:16, Adam Barth wrote:
>>
>> This document appears to be insufficiently precise for user agents to
>> implement Content-Disposition.  In particular, it does not
>> disambiguate what filename a user agent should use if multiple
>> filename attributes are present....
>
> Repeating a parameter makes the header instance invalid, this should be
> pointed out; I opened
> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/244> to track this (and
> also added a test case at
> <http://greenbytes.de/tech/tc2231/#attwith2filenames>).

There seems to be a lot of things generated by the grammar that are
nonsensical.  Perhaps it would useful to explain which of those things
servers ought to actually generate.

>> ... The grammar will fail to parse a
>> large number of Content-Disposition headers user agents receive on the
>> public Internet, etc....
>
> That's not a problem. There are no specific requirements on handling
> malformed headers, just like with any other HTTP header field, unless it
> affects security.

We disagree about whether that's a problem.  We do agree that those
requirements are not contained in this document.

>> ...  The document says:
>>
>> [[
>>    Based on interoperability
>>    testing with existing User Agents, it fully defines a profile of the
>>    features defined in the Multipurpose Internet Mail Extensions (MIME)
>>    variant ([RFC2183]) of the header field
>> ]]
>>
>> We should either add enough detail to the document to allow for user
>> agent implementations or clarify that this document is intended to
>> apply only to servers.  For example, we could change the above
>> paragraph to the following:
>>
>> [[
>>    Based on interoperability testing with existing User Agents, it
>> defines a profile
>>    for use by HTTP servers of the
>>    features defined in the Multipurpose Internet Mail Extensions (MIME)
>>    variant ([RFC2183]) of the header field
>> ]]
>> ...
>
> I don't understand the distinction between user agent and server here.

This document describes a profile for generating the
Content-Disposition header.  The server is the one who generates the
header.  Therefore, this document defines a profile for use by
servers.

> We are defining a response header field. The producer sets it, expressing
> additional instructions on how to handle the payload. The recipient can
> follow it or ignore it. For instance, a UA on a mobile phone without
> filesystem will likely ignore the "attachment" disposition.

Indeed.  However, this document does not contain the rules for
consuming the header in sufficient detail for me to implement a user
agent.  I need to look at another document for that information.
Sadly, that document doesn't yet exist.

> For invalid header field instances, there aren't any specific requirements.
> Do you have any evidence these are required?

Such information is required to achieve interoperable implementations
of the Content-Disposition header.  It's fine if you don't want to
include that information in this document.  The document should just
be clear about its scope.

Adam
Received on Saturday, 2 October 2010 22:11:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:27 GMT