- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 21 Sep 2010 12:14:43 +1000
- To: Roy T. Fielding <fielding@gbiv.com>
- Cc: Willy Tarreau <w@1wt.eu>, HTTP Working Group <ietf-http-wg@w3.org>
On 21/09/2010, at 8:51 AM, Roy T. Fielding wrote: > > I don't have a problem with the first change (duplicate headers > being allowed) or "Content-Length: n, n". > > The latter changes don't work. "it" is ambiguous, and > "SHOULD NOT be used" is a new requirement that no current browser > supports AFAIK. Yes, but the feedback from them about making this change is positive, overall. Making breaking changes to fix security issues is allowed by our charter. > And there are no subsequent responses on the > connection because the framing no longer works -- they all get > folded into that one response because the message length is > determined by connection close [in practice]. Can you suggest a rewrite? > I did not specify any specific choice of how a user agent > might inspect the stream and make a safe choice about which > of the lengths actually work for that response because, AFAIK, > none of them do so now. I'd love to be proven wrong about that > by a sudden desire of user agents to conform to a single behavior. I think it's worth discussing. As it is, it looks to me like the preference is to require that the response not be used at all, rather than trying to figure out how to salvage it. > I don't think we can require anything more than it SHOULD be > indicated as an error. I read the discussion so far as leaning towards getting rid of that requirement. Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 21 September 2010 02:15:16 UTC