W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Handling multiple headers when only one is allowed

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Thu, 17 Dec 2009 00:53:28 -0800
Message-ID: <448e9a320912170053h18afb91erdc0bd54185269b50@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Thomas Roessler <tlr@w3.org>, Bil Corry <bil@corry.biz>, public-web-security@w3.org
> As an aside -- I'm curious about the "they tend not to focus on such earthly things" characterisation. On what basis was that impression formed?

Sorry, that was not meant to be inflammatory; historically, HTTP specs
would either explicitly or implicitly steer clear of most
implementation-level security topics (e.g., header charsets,
precedence, caching header conflict resolution, etc). If that's not
the intention anymore, good.

/mz
Received on Thursday, 17 December 2009 08:54:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT