W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Multiple header fields with the same field name - unwritten assumption about quoted commas in values?

From: Willy Tarreau <w@1wt.eu>
Date: Wed, 16 Jan 2013 20:41:51 +0100
To: Zhong Yu <zhong.j.yu@gmail.com>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Nico Williams <nico@cryptonector.com>, Mark Nottingham <mnot@mnot.net>, Karl Dubost <karld@opera.com>, Julian Reschke <julian.reschke@gmx.de>, Piotr Dobrogost <p@ietf.dobrogost.net>, ietf-http-wg@w3.org
Message-ID: <20130116194151.GD21039@1wt.eu>

On Wed, Jan 16, 2013 at 12:32:22PM -0600, Zhong Yu wrote:
> If different applications interpret duplicate headers differently, we
> have a serious problem
>     Location: http://abc.com
>     Location: http://xyz.com
> Some chooses the 1st one, some chooses the 2nd one, and some may see
> the merged `http://abc.com,http://xyz.com` (a valid URI)

Obviously and the issue is the same with many headers. I was just explaining
that this is an example of a *non-compliant* input which is then turned into
a different non-compliant output by a middlebox. The problem clearly is with
the input and not with the operation performed by the middlebox. So we could
recommend middlebox authors against merging the headers because it's hard to
do it right, but we have no reason to add a SHOULD NOT which would turn some
existing implementations to non-compliant for no reason.

Received on Wednesday, 16 January 2013 19:42:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:09 UTC