- From: Adrien de Croy <adrien@qbik.com>
- Date: Fri, 16 Jul 2010 17:16:13 +1200
- To: "Thomson, Martin" <Martin.Thomson@andrew.com>
- CC: Willy Tarreau <w@1wt.eu>, "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
just to belabour the point
RFC2616 S 14.10
Message headers listed in the Connection header MUST NOT include end-
to-end headers, such as Cache-Control.
This should either
a) be removed from HTTPbis if we are to take the approach suggested by
Roy; or
b) be elaborated further to specify what an agent should do upon
receiving a message that violates this MUST level requirement
Adrien
On 16/07/2010 5:08 p.m., Thomson, Martin wrote:
>>> Yes, but why is that a problem? First, the process adding headers
>>> should have already removed the Connection header received -- otherwise
>>> it isn't doing its job. Second, even without fixing that bug, the
>>> result is fail safe -- the proxy won't be able to forward what it
>>> generated.
>>>
>> It's not a problem from an HTTP point of view, the request is valid. It's
>>
> I don't see why you are belabouring the point. Especially when it is predicated on a software error.
>
> If the client wants a header to go to the origin server, don't use Connection. If a proxy wants to ensure a particular header is set in a particular way, set that header.
>
> Yes, you can probably screw up all sorts of things by doing all sorts of dumb things. It's pointless compromising the integrity of a perfectly sound specification so that you can club a few idiots over the head with it. That's a self-defeating principle - the idiots will simply find another dumb thing to do that you couldn't predict.
>
> Your solution here is to submit a bug report.
>
> --Martin
>
Received on Friday, 16 July 2010 05:16:54 UTC