Re: trailers and pseudo-headers

On Wed, Jul 02, 2014 at 10:22:37AM +0000, Poul-Henning Kamp wrote:
> In message <>, Julian Reschke writes:
> >On 2014-07-02 11:58, Mark Nottingham wrote:
> >> Personally - very strong +1. This is fundamental. Yes, it sucks, but it’s how HTTP works, and we can’t change it here.
> >> ...
> >
> >The reason why I raised this is that in HTTP/1.1, the HTTP status isn't 
> >a header field, so the issue doesn't come up. In HTTP/2, it's a pseudo 
> >header field, so it *could* appear in trailers, and thus people might be 
> >tempted to take advantage of it.
> I think the best way to handle this textually, is to explain that :header
> are not really headers, but a sleigh of hand HTTP/2 uses to transmit
> the non-header protocol fields, and that this does not change the
> semantics of those fields in any way.

Explaining does not solve everything. It's very clear that content-length
may only appear once, still we've had to deal with the multiple C-L case
due to bogus application servers or intermediaries and even indicate in
the spec how to process them :-/

I think here we should take the first steps and write an explicit "MUST NOT
be sent" and a "SHOULD reset the stream if received" in the spec so that
everyone acts correctly and people cannot develop such crap without noticing.


Received on Wednesday, 2 July 2014 12:25:51 UTC