W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

Re: Set-Cookie vs list header parsing (i129)

From: Yves Lafon <ylafon@w3.org>
Date: Thu, 28 Aug 2008 15:19:07 -0400 (EDT)
To: "William A. Rowe, Jr." <wrowe@rowe-clan.net>
cc: Brian Smith <brian@briansmith.org>, 'Julian Reschke' <julian.reschke@gmx.de>, 'Dan Winship' <dan.winship@gmail.com>, ietf-http-wg@w3.org
Message-ID: <Pine.LNX.4.64.0808281504240.24249@ubzre.j3.bet>

On Thu, 28 Aug 2008, William A. Rowe, Jr. wrote:

> Yves Lafon wrote:
>> On Wed, 27 Aug 2008, Brian Smith wrote:
>>> field that is single-valued but erroneously repeated. If an intermediary
>>> combines two single-valued header fields together then it could change the
>>> meaning of the request/response if the combined value is also a legal 
>>> value
>>> for that field (see http://tools.ietf.org/wg/httpbis/trac/ticket/93).
>> If there an example of a repeated single-valued header that, once folded in 
>> one list-valued header becomes legal?
>>  Content-Length: 12
>>  Content-Length: 42
>> is as illegal as
>>  Content-Length: 12,42
>> (and more than likely to trigger a 400 reply)
> You understand that both representations MUST cause a 400 reply, of course?
> The folding is irrelevant to the underlying flaw/contradiction.

Yes, that was the point of my email, an error in two headers is still an 
error once folded :)
The Location use case in interesting, as it depends if in the 
implementation the folding is done before verification of the HTTP headers 
structure, or at the same time, triggering different level of errors in 
the application.

Baroula que barouleras, au tiéu toujou t'entourneras.

Received on Thursday, 28 August 2008 19:19:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:37 UTC