- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 08 Nov 2010 10:02:49 +0100
- To: Adam Barth <ietf@adambarth.com>
- CC: Adrien de Croy <adrien@qbik.com>, httpbis <ietf-http-wg@w3.org>
On 08.11.2010 00:43, Adam Barth wrote: > ... > Honestly, the browser. We've tried this experiment with mixed content > (HTTP resources inside HTTPS pages). That's pretty much exactly what > the messaging is in the user interface. We get feedback from users > that they've switched to other browsers that don't show them these > scary warnings. > ... Can we please stop mixing up things? Ignoring a header field does *not* require displaying an error message to the user. Nor does it break any kind of contract, as C-D is advisory only anyway. What we *can* do is to say what a good way of "ignoring" broken stuff is. For instance: - if the value doesn't parse per the ABNF, it's invalid, so ignore the whole header - if a parsed parameter value is invalid (percent-escaped sequence does not match the specified charset, for instance), ignore the *parameter* and go on ...but I'm not even sure that having the 2nd case makes any measurable difference in practice. Best regards, Julian
Received on Monday, 8 November 2010 09:03:34 UTC