W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Restricting the HTTP method definition

From: Roy T. Fielding <fielding@gbiv.com>
Date: Sat, 24 Aug 2013 21:47:42 -0700
Cc: James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org WG" <ietf-http-wg@w3.org>
Message-Id: <55C89DC3-FEDF-45A6-A511-333FF09BB470@gbiv.com>
To: Larry Masinter <masinter@adobe.com>
On Aug 24, 2013, at 1:10 PM, Larry Masinter wrote:

>> Any implementation can choose a maximum method length that it is
>> willing to support -- systems that depend on longer methods will
>> use different software.
> How can a proxy choose, if it wants to handle all expected (legal) traffic? Origin server, sure. Proxy?

The same way it does now ... it reads the request-line until
it finds the end of the method or it decides to send an error
instead.  This is not a problem in practice because the method
occurs before the request target (URI), which means the proxy
is reading the line into an 8kB buffer (typically). The method
is just another string, and is subject to the same length and
overflow protections as any other string parsed by a server.

Received on Sunday, 25 August 2013 04:48:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC