On 06.03.2011 23:31, Bjoern Hoehrmann wrote: > Hi, > > I ran across https://rt.cpan.org/Public/Bug/Display.html?id=61960 and > could not find this in draft-ietf-httpbis-p1-messaging-12.txt. It seems > to me the specification should say "chunked" as transfer-extension is > only valid if it is the last transfer-coding, otherwise you're likely We have in <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-12.html#rfc.section.6.2.1.p.10>: "Since "chunked" is the only transfer-coding required to be understood by HTTP/1.1 recipients, it plays a crucial role in delimiting messages on a persistent connection. Whenever a transfer-coding is applied to a payload body in a request, the final transfer-coding applied MUST be "chunked". If a transfer-coding is applied to a response payload body, then either the final transfer-coding applied MUST be "chunked" or the message MUST be terminated by closing the connection. When the "chunked" transfer-coding is used, it MUST be the last transfer-coding applied to form the message-body. The "chunked" transfer-coding MUST NOT be applied more than once in a message-body." > dealing with some form of attack (unfortunately many mainstream imple- > mentations use, say, `strstr` to check for "chunked", so they misbe- > have if you do something like `Transfer-Encoding: bogochunked`; that > might also be worth a "It is incorrect to..." note). > ... BR, JulianReceived on Monday, 7 March 2011 08:41:57 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT