W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Uppercase/lowercase header field names

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 15 Oct 2013 17:15:27 -0700
Message-ID: <CABkgnnXVdeB6mEG-Dp4Jb0UcNiFy66jkZ3apztL+j5VPLreMyw@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
With the decision to have header compression treat header data as
opaque bytes, we're back to the old problem we never solved regarding
the requirement to downcase header field names.  In fact, it was
missing from -06 and no one noticed.

I've put in a fix for this:
https://github.com/http2/http2-spec/commit/115bc86868c8ff35a52219bda31e17baea24f088

The trick here is that I've marked requests and responses that contain
uppercase names as malformed.  That means that they fall under the
same rules as requests without a target URI, responses without status
codes, messages that include verboten header fields (e.g., TE or
Connection), and messages with conflicting content-length values.

The upshot is that we are allowing forwarding if you aren't looking at
the headers (the B2BUA concepts from the SIP world would be really
handy at this point to explain this particular distinction), but
requiring that:

a) malformed requests fail (with an HTTP response being optional)

b) malformed requests aren't passed to applications

I don't think that this constitutes a change of intent, but I'd like
to pass this under people's noses before shipping a new revision.  As
always, pull requests are happily received.

--Martin
Received on Wednesday, 16 October 2013 00:15:56 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:18 UTC