Re: Issues addressed in the -10 and -11 drafts

On 14.09.2010 07:50, Willy Tarreau wrote:
> ...
>> I think there are two concerns here:
>>    1) making the spec more complex
>>    2) making code implementing the spec more complex
>> Is it going to cause your implementation problems to refuse messages with two matching content-length headers?
> No, it's even easier, I can remove a test in the code ! But I
> suspect that I'll have to relax the check again in a few months
> to a few years because of the effect mentionned above. Maybe we
> could add a single sentence at the end of point 3 of 3.3 :
>   "An implementation MAY accept exact duplicates of valid Content-Length
>    header fields as a single one, though this practice is discouraged".

We currently have:

"If a message is received without Transfer-Encoding and with either 
multiple Content-Length header fields or a single Content-Length header 
field with an invalid value, then the message framing is invalid and 
MUST be treated as an error to prevent request or response smuggling."

We can't have a MAY relax a MUST; that makes it a "SHOULD".

We could relax this edge case from MUST to SHOULD, but it would 
complicate the spec a lot, and I'm not convinced it's really needed.

It would be great to have more data on this.

 > ...

Best regards, Julian

Received on Tuesday, 14 September 2010 10:03:01 UTC