- From: Dan Winship <dan.winship@gmail.com>
- Date: Thu, 28 Aug 2008 09:54:45 -0400
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: Brian Smith <brian@briansmith.org>, ietf-http-wg@w3.org
Julian Reschke wrote: > I don't think that changing things just because some implementations get > them wrong is on our agenda. I didn't mean to suggest actually changing the header merging rules. Maybe I should have said "proxies should not merge" rather than "proxies SHOULD NOT merge". Advice, not requirements. Basically, we know that multiple implementations get this section wrong in different ways (the cookie spec, the WWW-Authenticate bugs, the ignoring-multiple-header bugs Brian mentioned), so this is a really good place to "be conservative in what you send" (meaning multiples of Set-Cookie, WWW-Authenticate, and Proxy-Authenticate, and no multiples of anything else). -- Dan
Received on Thursday, 28 August 2008 13:55:29 UTC