- From: Nico Williams <nico@cryptonector.com>
- Date: Wed, 29 Apr 2015 19:21:58 -0500
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: RFC Errata System <rfc-editor@rfc-editor.org>, julian.reschke@greenbytes.de, barryleiba@computer.org, Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org
On Wed, Apr 29, 2015 at 04:00:36PM -0700, Roy T. Fielding wrote: > > Ignoring the Content-Length has the side-effect (which I assume was > > intentional, but I wanted a clarification for it) that the 2xx CONNECT > > response body is treated as application data. Why ignore that which > > must not be sent, and why ignore it if processing it and then treating > > the response body as application data... has the same effect? > > The header fields MUST be ignored -- not the bits after the response. > The response has no body! Clearly. We're talking about proxies that nonetheless send one (see responses on the list yesterday and today to my clarification request). And why require clients to ignore that which must not be present, if not because sometimes they are? It's when a proxy sends Content-Length: and a response body [in a 2xx response to CONNECT] that ignoring it has the effect of treating the body as application data. An effect that I agree is desirable, and so that should be stated, rather than left implied. > That is what the spec says. We don't need to clarify it further, and it > certainly isn't an erratum. The spec can say what it says, but several people have asserted (in responses on the list yesterday and today) that they've seen violations. > The second paragraph you quoted is about request bodies, not response bodies. > Changing it would be completely incorrect. Oh, I didn't mean to leave that out. Yes, that's a braino. Nico --
Received on Thursday, 30 April 2015 00:22:21 UTC