Re: Restricting the HTTP method definition

On Aug 24, 2013, at 1:10 PM, Larry Masinter wrote:

>> Any implementation can choose a maximum method length that it is
>> willing to support -- systems that depend on longer methods will
>> use different software.
> 
> How can a proxy choose, if it wants to handle all expected (legal) traffic? Origin server, sure. Proxy?

The same way it does now ... it reads the request-line until
it finds the end of the method or it decides to send an error
instead.  This is not a problem in practice because the method
occurs before the request target (URI), which means the proxy
is reading the line into an 8kB buffer (typically). The method
is just another string, and is subject to the same length and
overflow protections as any other string parsed by a server.

....Roy

Received on Sunday, 25 August 2013 04:48:07 UTC