On mån, 2007-11-19 at 02:51 +0000, Jamie Lokier wrote: > A server shouldn't parse the next request as if there's an empty body, > even if that's technically allowed, because it's a security hole, if > we believe there is a likelihood of proxies calculating the message > boundary differently when they forward it. There is actually a slight conflict here. 4.3 Message Body says The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers. The correct resolution is to fix 4.4 Message Length to restrict rule 4 to 206 responses only. I would like to also deprecate this message delimiting method as obsolete. chunked encoding fills the gap nicely. Regards HenrikReceived on Monday, 19 November 2007 11:54:02 UTC
This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:43 UTC