Re: Content-Disposition (new issue?)

On Sun, 2008-07-20 at 18:36 +0200, Julian Reschke wrote:

> In the meantime I noticed that Content-Disposition really is a second 
> rate header in RFC2616:

Indeed. I assumed you already knew this. It's very obvious from the way
2616 is written.. Content-Disposition is not officially part of
HTTP/1.1, only mentioned in RFC2616 as it is in widespread use so
implementers are aware what it is and how to best deal with it..

Quote from 2616:

  "Content-Disposition is not part of
   the HTTP standard, but since it is widely implemented, we are
   documenting its use and risks for implementors"

and "documented" in an appendix outside the actual definition of
HTTP/1.1, relying heavily on references to other RFCs and plenty of

> - more importantly, it doesn't appear in RFC 2068 at all (so how did it 
> get into the Draft Standard?)

I wasn't around, but a guess is due to security flaws in multiple
browser implementations at the time making it a hot topic...

> Considering that, it seems best to remove all mentions of C-D from 
> Part 3, and to create a separate spec that describes the use of 
> Content-Disposition within HTTP.

I.e. what 2616 did, only that it used an appendix instead of a separate

I am perfectly fine with that, and also keeping that header outside
standards track. But I'll also bet that a number of people will argue
that since it's in widespread use it should be within the standard...


Received on Monday, 21 July 2008 23:30:50 UTC