- From: Willy Tarreau <w@1wt.eu>
- Date: Fri, 27 Jun 2014 06:38:19 +0200
- To: Roberto Peon <grmocg@gmail.com>
- Cc: K.Morgan@iaea.org, Greg Wilkins <gregw@intalio.com>, Michael.Bishop@microsoft.com, ietf-http-wg@w3.org, martin.thomson@gmail.com
On Thu, Jun 26, 2014 at 05:26:24PM -0700, Roberto Peon wrote: > I mentioned this previously, but large set-cookie headers designed to clear > out cookies. > > The primary motivation was backward compatibility, as we saw when launching > SPDY that assumptions about max header size were often invalid. I've seen > complaints that URL are capped at Xk before, for instance. > > I'll say again that it seems like folks are reacting not to CONTINUATIONS, > but to the fact that headers have unlimited length. > > Continuations could be used with small header sizes, and should not be > confused with the size/anti-backwards compatibility arguments That's an interesting point. So that means that if some dirty client or server finds it easier to send headers in small chunks with CONTINUATION, everyone has to implement it or risks to break. However, if we specify that CONTINUATION may only be used for header sizes that do not fit into one frame, then I think that a number of us will simply reject them and this will incite implementations to avoid abusing headers unless they're working in a very well controlled environment (eg: just like today with H1 where people trying to exceed 8kB over the internet have to be very careful). Willy
Received on Friday, 27 June 2014 04:38:48 UTC