Re: Whitespace before responses

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 8 Feb 2012 12:25:34 +1100
Cc: Eric Lawrence <ericlaw@exchange.microsoft.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, httpbis Group <ietf-http-wg@w3.org>
Message-Id: <AD07806D-7592-4681-8835-21745F68AD1B@mnot.net>
To: Roy T. Fielding <fielding@gbiv.com>

On 08/02/2012, at 12:22 PM, Roy T. Fielding wrote:

> On Feb 7, 2012, at 4:53 PM, Mark Nottingham wrote:
> 
>> Current text:
>> """
>>  In the interest of robustness, servers SHOULD ignore at least one
>>  empty line received where a Request-Line is expected.  In other
>>  words, if the server is reading the protocol stream at the beginning
>>  of a message and receives a CRLF first, it SHOULD ignore the CRLF.
>> """
>> 
>> Proposal:
>> 
>> """
>>  In the interest of robustness, servers SHOULD ignore at least one
>>  empty line received where a Request-Line is expected.  In other
>>  words, if the server is reading the protocol stream at the beginning
>>  of a message and receives a CRLF first, it SHOULD ignore the CRLF.
>> 
>>  Likewise, clients SHOULD ignore at least one empty line received
>>  where a Status-Line is expected. 
>> 
>>  Note that this relaxation does not apply to other characters; ignoring
>>  arbitrary non-whitespace characters before a message enables
>>  cross-protocol attacks.
>> """
> 
> No, there is no need nor desire for such a relaxation.  The first rule is
> to allow for backwards-compatible behavior with clients that send CRLF at
> the end of a request without including it in the request message body count.
> This new addition has no corresponding need.  IE is just handling a
> message error, which is entirely dependent on the type of client being used.

Yeah. I'm on the fence about this one; on the one hand, it's not a hard interop requirement, but on the other, pretty much every client does it, AFAICT.


--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 8 February 2012 01:31:56 GMT
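
The client-side rule in the proposed text, as an added example that is not part of the original message or of any HTTP implementation: skip at most one empty line where a Status-Line is expected, and reject any other leading bytes instead of scanning ahead for "HTTP/". The names `parse_status_line` and `MalformedResponse`, the `max_empty_lines` parameter and the sample buffers are constructed for illustration.

```python
import re

# Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase (matched without the CRLF)
STATUS_LINE = re.compile(rb"HTTP/\d\.\d (\d{3}) ([\t \x21-\x7e\x80-\xff]*)")


class MalformedResponse(ValueError):
    """The bytes at the start of a response are not a Status-Line."""


def parse_status_line(buf: bytes, max_empty_lines: int = 1):
    """Return (status_code, reason_phrase, offset_of_first_header).

    Tolerates up to `max_empty_lines` leading CRLFs (the relaxation proposed
    in the thread). Any other bytes before the Status-Line are an error.
    """
    pos = 0
    skipped = 0
    while buf.startswith(b"\r\n", pos):
        if skipped == max_empty_lines:
            raise MalformedResponse("too many empty lines before Status-Line")
        pos += 2
        skipped += 1
    end = buf.find(b"\r\n", pos)
    if end == -1:
        raise MalformedResponse("no CRLF-terminated start line")
    match = STATUS_LINE.fullmatch(buf[pos:end])
    if match is None:
        # No resynchronisation: skipping arbitrary non-whitespace bytes here
        # is what the proposed note says enables cross-protocol attacks.
        raise MalformedResponse("not a Status-Line: %r" % buf[pos:end][:40])
    return int(match.group(1)), match.group(2).decode("latin-1"), end + 2


# Constructed sample inputs.
OK = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
LEADING_CRLF = b"\r\n" + OK                       # one empty line: tolerated
TWO_CRLF = b"\r\n\r\n" + OK                       # more than the allowance
CROSS_PROTOCOL = b"220 mail.example ESMTP\r\n" + OK  # another protocol's banner

if __name__ == "__main__":
    for name, data in [("ok", OK), ("leading CRLF", LEADING_CRLF),
                       ("two CRLFs", TWO_CRLF), ("banner first", CROSS_PROTOCOL)]:
        try:
            print(name, "->", parse_status_line(data))
        except MalformedResponse as exc:
            print(name, "-> rejected:", exc)
```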
