W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2013

#443: whitespace in request-target

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 8 May 2013 11:10:56 +1000
Cc: Amos Jeffries <squid3@treenet.co.nz>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <D9D88156-CB19-48ED-91FE-08DF56D2B6DD@mnot.net>
To: Willy Tarreau <w@1wt.eu>
I think that's going beyond the scope of this issue, which was really just about the strength of the requirement.

Since then, we've adjusted the semantics of SHOULD, and I think we can close this ticket as WONTFIX.


On 30/04/2013, at 3:52 PM, Willy Tarreau <w@1wt.eu> wrote:

>    Clients MUST NOT send user-typed delimiters and embedded whitespaces
>    as-is in URIs, and SHOULD either encode them, strip them. Alternatively
>    they MAY simply refuse to perform the request.
>    Servers and intermediaries MUST NOT try to fix embedded spaces and
>    delimiters in URIs, as doing so could lead to interoperability issues
>    and make several components in the chain understand different things.
>    When a request does not parse exactly as defined in the ABNF, an error
>    400 (Bad Request) MUST be returned to the client.

Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 8 May 2013 01:11:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:13 UTC