Re: Rejecting messages with illegal characters in header fields (was Re: h2 header field names) from Matthew Kerwin on 2014-09-04 (ietf-http-wg@w3.org from July to September 2014)

From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Fri, 5 Sep 2014 09:10:43 +1000
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CACweHNA7NYtZB7DKQoqtmX2PjeXdyknxnddxRB9OkZFcqzfuRw@mail.gmail.com>

On 5 September 2014 04:20, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 3 September 2014 23:53, Julian Reschke <julian.reschke@gmx.de> wrote:
> > Wait! Percent-Encoded?
>
> OK, then we treat header field values containing forbidden characters
> as malformed?  That invalidates a non-zero number of requests that our
> various test runs have detected, I think.  Are we OK with that?  I am,
> but I'm not as naturally conservative as some folks here.
>
>
Sounds good to me.


-- 
  Matthew Kerwin
  http://matthew.kerwin.net.au/

Received on Thursday, 4 September 2014 23:11:11 UTC