W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: [#95] Multiple Content-Lengths

From: Adrien de Croy <adrien@qbik.com>
Date: Thu, 10 Mar 2011 11:55:31 +1300
Message-ID: <4D780563.3000202@qbik.com>
To: HTTP Working Group <ietf-http-wg@w3.org>

On 10/03/2011 11:44 a.m., Julian Reschke wrote:
> I can think of three ways for recipients to handle these:
> a) fail to parse C-L, and treat the message as invalid (closing the 
> connection because of broken framing)
> b) accept the duplicate value, and use the C-L as if it wasn't repeated
> c) fail to parse C-L, and just treat the C-L header field as invalid, 
> but continue processing by reading until the end of connection
> Smuggling could only happen if some recipients did c), right? Those 
> that do this IMHO are already non-compliant, so I'm not sure how 
> mandating b) helps...

What should a proxy do?  It has the task of putting something together 
to send a client.

it seems to me the only safe option is a.  It's also the only option 
that provides any incentive for people to fix their sites.



>>> If we do, we *probably* need to adjust the header field ABNF 
>>> (because "x, x" doesn't parse), which I'd rather do not...
>> No, we still require that duplicates not be sent.  The ABNF
>> only defines valid messages.  This new requirement is for
>> exception handling in the case of an invalid received message.
> Ack.
> Best regards, Julian
Received on Wednesday, 9 March 2011 22:56:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:56 UTC