Re: [whatwg/xhr] Why does headers-normalize-response.htm expect null bytes to be allowed? (#165) from Bence Béky on 2018-04-11 (public-webapps-github@w3.org from April 2018)

From: Bence Béky <notifications@github.com>
Date: Wed, 11 Apr 2018 12:14:53 +0000 (UTC)
To: whatwg/xhr <xhr@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/xhr/issues/165/380430441@github.com>

It seems inconsistent to allow null characters in responses and not in requests.  Why not stick to the current specification and disallow them in both?  In any case, I agree that Chrome's current behavior is not optimal.

What is currently done with requests that have null bytes?  Are the header fields ignored, or the whole request rejected with an error?  If they are rejected, could responses be rejected with a similar error?  If they are happily accepted, maybe the spec could reflect that.

Are you aware of a use case that would justify the need to accept headers with null characters?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/xhr/issues/165#issuecomment-380430441

Received on Wednesday, 11 April 2018 12:15:17 UTC