- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 6 Apr 2009 19:58:11 +1000
- To: HTTP Working Group <ietf-http-wg@w3.org>
With the ABNF changes and explicit whitespace in the -06 drafts, the editors believe that issue #30 is addressed. Specifically:

1. Is LWS permitted between the field-name and colon?

No, because this is a security issue. Relevant text from p1:

> No whitespace is allowed between the header field-name and colon.
> For security reasons, any request message received containing such
> whitespace MUST be rejected with a response code of 400 (Bad
> Request) and any such whitespace in a response message MUST be
> removed.

2. What about LWS before the field-name?

Not allowed in the proposed grammar.

--
Mark Nottingham http://www.mnot.net/
Received on Monday, 6 April 2009 09:58:49 UTC
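
Added example, not part of the original message or of the HTTPbis drafts: a minimal header-line parser that applies the two rules quoted above, rejecting whitespace before the colon in a request with status 400 and removing it in a response. The names `parse_header_line`, `classify` and `HeaderError` are hypothetical, the sample lines are constructed, and treating leading whitespace as a hard error in both directions is an assumption, since the message only says the grammar does not allow it.

```python
import re

# Characters allowed in an HTTP token (the field-name production).
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
WS = " \t"


class HeaderError(ValueError):
    """Header syntax error; status is 400 for requests, None for responses."""

    def __init__(self, msg, status=None):
        super().__init__(msg)
        self.status = status


def parse_header_line(line: bytes, is_request: bool):
    """Parse one header line (CRLF already removed) into (name, value)."""
    status = 400 if is_request else None
    name, colon, value = line.decode("latin-1").partition(":")
    if not colon:
        raise HeaderError("no colon in header line", status)
    # Rule 2: whitespace before the field-name is not in the grammar.
    # Assumption: fail in both directions rather than guess the intent.
    if name.startswith((" ", "\t")):
        raise HeaderError("whitespace before field-name", status)
    # Rule 1: whitespace between field-name and colon.
    if name.endswith((" ", "\t")):
        if is_request:
            raise HeaderError("whitespace between field-name and colon", 400)
        name = name.rstrip(WS)  # response: remove it, then keep parsing
    if not TOKEN.fullmatch(name):
        raise HeaderError("field-name is not a token", status)
    return name, value.strip(WS)


def classify(line: bytes, is_request: bool):
    """Return (name, value), or ("rejected", status) on a syntax error."""
    try:
        return parse_header_line(line, is_request)
    except HeaderError as exc:
        return ("rejected", exc.status)


if __name__ == "__main__":
    # Constructed sample lines, not taken from any real capture.
    for sample in (b"Host: example.org", b"Content-Length : 10", b" X-Test: 1"):
        print(sample, classify(sample, True), classify(sample, False))
```
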