- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 16 Jan 2013 20:41:51 +0100
- To: Zhong Yu <zhong.j.yu@gmail.com>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, Nico Williams <nico@cryptonector.com>, Mark Nottingham <mnot@mnot.net>, Karl Dubost <karld@opera.com>, Julian Reschke <julian.reschke@gmx.de>, Piotr Dobrogost <p@ietf.dobrogost.net>, ietf-http-wg@w3.org
Hi, On Wed, Jan 16, 2013 at 12:32:22PM -0600, Zhong Yu wrote: > If different applications interpret duplicate headers differently, we > have a serious problem > > Location: http://abc.com > Location: http://xyz.com > > Some chooses the 1st one, some chooses the 2nd one, and some may see > the merged `http://abc.com,http://xyz.com` (a valid URI) Obviously and the issue is the same with many headers. I was just explaining that this is an example of a *non-compliant* input which is then turned into a different non-compliant output by a middlebox. The problem clearly is with the input and not with the operation performed by the middlebox. So we could recommend middlebox authors against merging the headers because it's hard to do it right, but we have no reason to add a SHOULD NOT which would turn some existing implementations to non-compliant for no reason. Regards, Willy
Received on Wednesday, 16 January 2013 19:42:46 UTC