On 14.09.2010 07:50, Willy Tarreau wrote: > ... >> I think there are two concerns here: >> 1) making the spec more complex >> 2) making code implementing the spec more complex >> >> Is it going to cause your implementation problems to refuse messages with two matching content-length headers? > > No, it's even easier, I can remove a test in the code ! But I > suspect that I'll have to relax the check again in a few months > to a few years because of the effect mentionned above. Maybe we > could add a single sentence at the end of point 3 of 3.3 : > > "An implementation MAY accept exact duplicates of valid Content-Length > header fields as a single one, though this practice is discouraged". We currently have: "If a message is received without Transfer-Encoding and with either multiple Content-Length header fields or a single Content-Length header field with an invalid value, then the message framing is invalid and MUST be treated as an error to prevent request or response smuggling." We can't have a MAY relax a MUST; that makes it a "SHOULD". We could relax this edge case from MUST to SHOULD, but it would complicate the spec a lot, and I'm not convinced it's really needed. It would be great to have more data on this. > ... Best regards, JulianReceived on Tuesday, 14 September 2010 10:03:01 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:23 UTC