- From: Willy Tarreau <w@1wt.eu>
- Date: Mon, 13 Feb 2012 08:16:31 +0100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Hi Mark, On Mon, Feb 13, 2012 at 03:10:06PM +1100, Mark Nottingham wrote: > Looking at this a bit more. > > We can't use OWS or BWS here, because they both include obs-fold. > > So, proposal: > > > Add a new construct: > > SSP = SP / 1*BSP ; preferred single space > BSP = ( HTAB / SP ) ; "bad" space > > And change Request-Line and Status-Line to: > > Request-Line = Method SSP request-target SSP HTTP-Version BSP CRLF > Status-Line = HTTP-Version SSP Status-Code SSP Reason-Phrase BSP CRLF > > With appropriate text cautioning against generation of BSP, but advising consumption of it. > > Thoughts? FWIW, haproxy has never allowed HTABs nor multiple spaces here and still we dont get error reports. In fact the only times I catch this, it comes from a poorly-written attack script. I don't think we should relax the parsing rules, and it seems like Amos and I were on the same line of "exactly matching" one SP. Regards, Willy
Received on Monday, 13 February 2012 07:16:59 UTC