- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 07 Mar 2011 09:41:13 +0100
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: ietf-http-wg@w3.org
On 06.03.2011 23:31, Bjoern Hoehrmann wrote: > Hi, > > I ran across https://rt.cpan.org/Public/Bug/Display.html?id=61960 and > could not find this in draft-ietf-httpbis-p1-messaging-12.txt. It seems > to me the specification should say "chunked" as transfer-extension is > only valid if it is the last transfer-coding, otherwise you're likely We have in <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-12.html#rfc.section.6.2.1.p.10>: "Since "chunked" is the only transfer-coding required to be understood by HTTP/1.1 recipients, it plays a crucial role in delimiting messages on a persistent connection. Whenever a transfer-coding is applied to a payload body in a request, the final transfer-coding applied MUST be "chunked". If a transfer-coding is applied to a response payload body, then either the final transfer-coding applied MUST be "chunked" or the message MUST be terminated by closing the connection. When the "chunked" transfer-coding is used, it MUST be the last transfer-coding applied to form the message-body. The "chunked" transfer-coding MUST NOT be applied more than once in a message-body." > dealing with some form of attack (unfortunately many mainstream imple- > mentations use, say, `strstr` to check for "chunked", so they misbe- > have if you do something like `Transfer-Encoding: bogochunked`; that > might also be worth a "It is incorrect to..." note). > ... BR, Julian
Received on Monday, 7 March 2011 08:41:57 UTC