W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: [#95] Multiple Content-Lengths

From: Adrien de Croy <adrien@qbik.com>
Date: Thu, 10 Mar 2011 11:55:31 +1300
Message-ID: <4D780563.3000202@qbik.com>
To: HTTP Working Group <ietf-http-wg@w3.org>


On 10/03/2011 11:44 a.m., Julian Reschke wrote:
>
> I can think of three ways for recipients to handle these:
>
> a) fail to parse C-L, and treat the message as invalid (closing the 
> connection because of broken framing)
>
> b) accept the duplicate value, and use the C-L as if it wasn't repeated
>
> c) fail to parse C-L, and just treat the C-L header field as invalid, 
> but continue processing by reading until the end of connection
>
> Smuggling could only happen if some recipients did c), right? Those 
> that do this IMHO are already non-compliant, so I'm not sure how 
> mandating b) helps...
>

What should a proxy do?  It has the task of putting something together 
to send a client.

it seems to me the only safe option is a.  It's also the only option 
that provides any incentive for people to fix their sites.

Regards

Adrien

>>> If we do, we *probably* need to adjust the header field ABNF 
>>> (because "x, x" doesn't parse), which I'd rather do not...
>>
>> No, we still require that duplicates not be sent.  The ABNF
>> only defines valid messages.  This new requirement is for
>> exception handling in the case of an invalid received message.
>
> Ack.
>
> Best regards, Julian
>
Received on Wednesday, 9 March 2011 22:56:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT