- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Sat, 24 Aug 2013 21:47:42 -0700
- To: Larry Masinter <masinter@adobe.com>
- Cc: James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org WG" <ietf-http-wg@w3.org>
On Aug 24, 2013, at 1:10 PM, Larry Masinter wrote: >> Any implementation can choose a maximum method length that it is >> willing to support -- systems that depend on longer methods will >> use different software. > > How can a proxy choose, if it wants to handle all expected (legal) traffic? Origin server, sure. Proxy? The same way it does now ... it reads the request-line until it finds the end of the method or it decides to send an error instead. This is not a problem in practice because the method occurs before the request target (URI), which means the proxy is reading the line into an 8kB buffer (typically). The method is just another string, and is subject to the same length and overflow protections as any other string parsed by a server. ....Roy
Received on Sunday, 25 August 2013 04:48:07 UTC