W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: h2 header field names

From: Julian Reschke <julian.reschke@greenbytes.de>
Date: Thu, 04 Sep 2014 15:18:56 +0200
Message-ID: <540866C0.6020900@greenbytes.de>
To: Mark Nottingham <mnot@mnot.net>, Poul-Henning Kamp <phk@phk.freebsd.dk>
CC: Martin Thomson <martin.thomson@gmail.com>, Roy Fielding <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 2014-09-04 14:07, Mark Nottingham wrote:
> On 4 Sep 2014, at 3:02 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>> But I havn't seen *anybody* say that need to be able to put NUL,
>> STX or ANSI-escape sequences in HTTTP headers, so I don't understand
>> why can't we outlaw them in HTTP/2.0, even if we don't settle the
>> ASCII/UTF-8 question yet ?
>> IMO nothing *in* the headers should contain 0x00-0x1f or 0x7f.
>> What makes that decision impossible ?
> Didnít say it was. What do people think?

They are disallowed in HTTP/1.1 (MUST NOT send...), so I think it would 
be good to disallow them in HTTP/2 (hard fail?) as well.

Best regards, Julian
Received on Thursday, 4 September 2014 13:19:29 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC