W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: [#95] Multiple Content-Lengths

From: William A. Rowe Jr. <wrowe@rowe-clan.net>
Date: Wed, 09 Mar 2011 17:06:08 -0600
Message-ID: <4D7807E0.3070407@rowe-clan.net>
To: Adrien de Croy <adrien@qbik.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 3/9/2011 4:55 PM, Adrien de Croy wrote:
> 
> 
> On 10/03/2011 11:44 a.m., Julian Reschke wrote:
>>
>> I can think of three ways for recipients to handle these:
>>
>> a) fail to parse C-L, and treat the message as invalid (closing the connection because
>> of broken framing)
>>
>> b) accept the duplicate value, and use the C-L as if it wasn't repeated
>>
>> c) fail to parse C-L, and just treat the C-L header field as invalid, but continue
>> processing by reading until the end of connection
>>
>> Smuggling could only happen if some recipients did c), right? Those that do this IMHO
>> are already non-compliant, so I'm not sure how mandating b) helps...
>>
> 
> What should a proxy do?  It has the task of putting something together to send a client.
> 
> it seems to me the only safe option is a.  It's also the only option that provides any
> incentive for people to fix their sites.

Well, d) was omitted, fail with a 400, having read the rest of the headers off the
wire, but without draining the [misrepresented] body.
Received on Wednesday, 9 March 2011 23:07:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT