- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Tue, 22 Jul 2008 01:30:11 +0200
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: ietf-http-wg@w3.org
- Message-Id: <1216683011.30284.28.camel@henriknordstrom.net>
On sön, 2008-07-20 at 18:36 +0200, Julian Reschke wrote: > In the meantime I noticed that Content-Disposition really is a second > rate header in RFC2616: Indeed. I assumed you alread knew this. It's very obvious from the way 2616 is written.. Content-Disposition is not officially part of HTTP/1.1, only mentioned in RFC2616 as it is in widespread use so implementers are aware what it is and how to best deal with it.. Quote from 2616: "Content-Disposition is not part of the HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors" and "documented" in an appendix outside the actual definiiton of HTTP/1.1, relying heavily on references to other RFCs and plenty of warnings... > - more importantly, it doesn't appear in RFC 2068 at all (so how did it > get into the Draft Standard?) I wasn't around, but a guess is due to security flaws in multiple browser implementations at the time making it a hot topic... > Considering that, it's seems best to remove all mentions of C-D from > Part 3, and to create a separate spec that describes the use of > Content-Disposition within HTTP. I.e. what 2616 did, only that it used an appendix instead of a separate document.. I am perfectly fine with that, and also keeping that header outside standards track. But I'll also bet that a number of people will argue that since it's in widespread use it should be within the standard... Regards Henrik
Received on Monday, 21 July 2008 23:30:50 UTC