- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 4 Sep 2014 15:23:04 +0200
- To: Julian Reschke <julian.reschke@greenbytes.de>
- Cc: Mark Nottingham <mnot@mnot.net>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Martin Thomson <martin.thomson@gmail.com>, Roy Fielding <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Sep 04, 2014 at 03:18:56PM +0200, Julian Reschke wrote: > On 2014-09-04 14:07, Mark Nottingham wrote: > > > >On 4 Sep 2014, at 3:02 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > > > >>But I havn't seen *anybody* say that need to be able to put NUL, > >>STX or ANSI-escape sequences in HTTTP headers, so I don't understand > >>why can't we outlaw them in HTTP/2.0, even if we don't settle the > >>ASCII/UTF-8 question yet ? > >> > >>IMO nothing *in* the headers should contain 0x00-0x1f or 0x7f. > >> > >>What makes that decision impossible ? > > > >Didn?t say it was. What do people think? > > They are disallowed in HTTP/1.1 (MUST NOT send...), so I think it would > be good to disallow them in HTTP/2 (hard fail?) as well. +1 Willy
Received on Thursday, 4 September 2014 13:23:44 UTC