Re: Comments on the HTTP Sec-From Header (draft-abarth-origin)

On Sat, Jul 11, 2009 at 6:01 PM, Mark Nottingham<> wrote:
> On 09/07/2009, at 3:58 PM, Adam Barth wrote:
>>> * The header field-value is defined as containing LWS characters. There
>>> isn't a reference for that rule, and FYI that form is being deprecated by
>>> HTTPbis; it would probably be better to say one or more whitespace
>>> characters. Another option would be to make it a comma-separated list, to
>>> pull it in line with the definitions of other HTTP headers.
>> My understanding is that using a comma-separated list would change the
>> semantics because of header coalescing.
> How so? I.e., does this:
> Sec-From:,
> place an semantic significance on the split between a/b and c/d?

I don't believe that header value is conforming, according to the
draft.  I can define the processing behavior, if you like.  I'd
probably define it to ignore everything after the comma (likewise,
ignore any Sec-From header after the first).


Received on Sunday, 12 July 2009 08:05:00 UTC