W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: Whitespace before responses

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 7 Feb 2012 17:22:35 -0800
Cc: Eric Lawrence <ericlaw@exchange.microsoft.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, httpbis Group <ietf-http-wg@w3.org>
Message-Id: <5EA88F29-E6CF-472B-A5A1-59AE8CEF6EE5@gbiv.com>
To: Mark Nottingham <mnot@mnot.net>
On Feb 7, 2012, at 4:53 PM, Mark Nottingham wrote:

> Current text:
> """
>   In the interest of robustness, servers SHOULD ignore at least one
>   empty line received where a Request-Line is expected.  In other
>   words, if the server is reading the protocol stream at the beginning
>   of a message and receives a CRLF first, it SHOULD ignore the CRLF.
> """
> 
> Proposal:
> 
> """
>   In the interest of robustness, servers SHOULD ignore at least one
>   empty line received where a Request-Line is expected.  In other
>   words, if the server is reading the protocol stream at the beginning
>   of a message and receives a CRLF first, it SHOULD ignore the CRLF.
> 
>   Likewise, clients SHOULD ignore at least one empty line received
>   where a Status-Line is expected. 
> 
>   Note that this relaxation does not apply to other characters; ignoring
>   arbitrary non-whitespace characters before a message enables
>   cross-protocol attacks.
> """

No, there is no need nor desire for such a relaxation.  The first rule is
to allow for backwards-compatible behavior with clients that send CRLF at
the end of a request without including it in the request message body count.
This new addition has no corresponding need.  IE is just handling a
message error, which is entirely dependent on the type of client being used.

....Roy
Received on Wednesday, 8 February 2012 01:25:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:55 GMT