W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: trailers and pseudo-headers

From: Willy Tarreau <w@1wt.eu>
Date: Wed, 2 Jul 2014 14:25:22 +0200
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Julian Reschke <julian.reschke@gmx.de>, Mark Nottingham <mnot@mnot.net>, "Eric J. Bowman" <eric@bisonsystems.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20140702122522.GE28975@1wt.eu>
On Wed, Jul 02, 2014 at 10:22:37AM +0000, Poul-Henning Kamp wrote:
> In message <53B3DB11.9010606@gmx.de>, Julian Reschke writes:
> >On 2014-07-02 11:58, Mark Nottingham wrote:
> >> Personally - very strong +1. This is fundamental. Yes, it sucks, but it’s how HTTP works, and we can’t change it here.
> >> ...
> >
> >The reason why I raised this is that in HTTP/1.1, the HTTP status isn't 
> >a header field, so the issue doesn't come up. In HTTP/2, it's a pseudo 
> >header field, so it *could* appear in trailers, and thus people might be 
> >tempted to take advantage of it.
> I think the best way to handle this textually, is to explain that :header
> are not really headers, but a sleigh of hand HTTP/2 uses to transmit
> the non-header protocol fields, and that this does not change the
> semantics of those fields in any way.

Explaining does not solve everything. It's very clear that content-length
may only appear once, still we've had to deal with the multiple C-L case
due to bogus application servers or intermediaries and even indicate in
the spec how to process them :-/

I think here we should take the first steps and write an explicit "MUST NOT
be sent" and a "SHOULD reset the stream if received" in the spec so that
everyone acts correctly and people cannot develop such crap without noticing.

Received on Wednesday, 2 July 2014 12:25:51 UTC

This archive was generated by hypermail 2.3.1 : Monday, 9 September 2019 17:48:19 UTC