W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Header Field definition is too broad

From: Dmitry Filimonov <me@dfilimonov.com>
Date: Thu, 1 May 2014 15:54:28 +0400
To: ietf-http-wg@w3.org
Message-ID: <etPan.536235f5.507ed7ab.95e5@dmitry-mbp-2.local>
Hello everyone,

Recently, I read an article about HTTP2 (http://daniel.haxx.se/blog/2014/04/26/http2-explained/), got very excited about it and now I'm implementing HPACK.

Taken from the HPACK specs:
Header Field:
A name-value pair. Both the name and value are treated as opaque sequences of octets.

This means that both name and value can be anything, right?
This brings several concerns:
  1) this will break compatibility with HTTP1.1. For example, how do I proxy HTTP2 requests to an HTTP1.1 server?
  2) what if my value has a '\0' in it? The receiving side will treat it like 2 separate header fields;
  3) having a binary header value can be justifiable, but what about binary names?

I think that Header Field definition should be simplified comparing to HTTP1.1 specs.
Figuring out which characters are allowed and which are not in HTTP1.1 is a big pain.
But anyway, I think definition should be more restrictive. 

Or maybe I'm missing something?

I created a GitHub issue for this: https://github.com/http2/http2-spec/issues/473

Thank you,
Dmitry Filimonov
Received on Thursday, 1 May 2014 11:54:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC