- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 23 Apr 2013 17:16:02 +1000
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Editorial stuff related to Expect and 1xx: * p2 5.1.1 says "A recipient of a syntactically invalid Expectation header field must respond with a 4xx status code other than 417." We should recommend something specific; e.g., append "(usually, 400 (Bad Request))". * p2 5.1.1.1 says "The 100-continue expectation does not use any expect-params." We should specify that they're to be ignored by recipients. * p2 5.1.1.1: "If an origin server receives a request that does not include an Expect header field with the "100-continue" expectation, the request includes a payload body, and the server responds with a final status code before reading the entire payload body from the transport connection, then the server should not close the transport connection until it has read the entire request, or until the client closes the connection. Otherwise, the client might not reliably receive the response message. However, this requirement ought not be construed as preventing a server from defending itself against denial-of-service attacks, or from badly broken client implementations." This seems out of place (it's about connection management) and largely redundant with the text in p1 6.6. * p2 6.2 says: "Since HTTP/1.0 did not define any 1xx status codes, servers must not send a 1xx response to an HTTP/1.0 client except under experimental conditions." Since this applies to proxies forwarding responses, it needs to be mentioned somewhere in p1 too. * p2 6.2 says: "Proxies must forward 1xx responses, unless the connection between the proxy and its client has been closed, or unless the proxy itself requested the generation of the 1xx response." There needs to be a get-out clause for when there's an HTTP/1.0 client; otherwise this requirement is in conflict with the one above. -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 23 April 2013 07:16:28 UTC