- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 15 Jul 2010 10:24:48 +1000
- To: Willy Tarreau <w@1wt.eu>
- Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
On 14/07/2010, at 7:41 PM, Willy Tarreau wrote: > Well, one of the difficulties with HTTP is that no limit to anything > is specified. That's what makes it that open, but also what causes > so many arbitrary choices. I regularly hear questions such as "what's > the max length a URL can take ?" or "what's the max length of a header ?". > When I reply there's no such limit, people are embarrassed and have to > resort to the "large enough" principle, which generally means using a > type which can hold values that cannot be reached. I agree the spec > cannot correct such behaviours, but when some things are well-known > and some errors not uncommon, it does not cost much to help implementers > not do the same mistakes again. http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-10#section-4.1.2 : > HTTP does not place a pre-defined limit on the length of a request- > target. A server MUST be prepared to receive URIs of unbounded > length and respond with the 414 (URI Too Long) status if the received > request-target would be longer than the server wishes to handle (see > Section 8.4.15 of [Part2]). > > Various ad-hoc limitations on request-target length are found in > practice. It is RECOMMENDED that all HTTP senders and recipients > support request-target lengths of 8000 or more OCTETs. Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Thursday, 15 July 2010 00:25:21 UTC