- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 2 Jul 2014 14:25:22 +0200
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Julian Reschke <julian.reschke@gmx.de>, Mark Nottingham <mnot@mnot.net>, "Eric J. Bowman" <eric@bisonsystems.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Jul 02, 2014 at 10:22:37AM +0000, Poul-Henning Kamp wrote: > In message <53B3DB11.9010606@gmx.de>, Julian Reschke writes: > >On 2014-07-02 11:58, Mark Nottingham wrote: > >> Personally - very strong +1. This is fundamental. Yes, it sucks, but it’s how HTTP works, and we can’t change it here. > >> ... > > > >The reason why I raised this is that in HTTP/1.1, the HTTP status isn't > >a header field, so the issue doesn't come up. In HTTP/2, it's a pseudo > >header field, so it *could* appear in trailers, and thus people might be > >tempted to take advantage of it. > > I think the best way to handle this textually, is to explain that :header > are not really headers, but a sleigh of hand HTTP/2 uses to transmit > the non-header protocol fields, and that this does not change the > semantics of those fields in any way. Explaining does not solve everything. It's very clear that content-length may only appear once, still we've had to deal with the multiple C-L case due to bogus application servers or intermediaries and even indicate in the spec how to process them :-/ I think here we should take the first steps and write an explicit "MUST NOT be sent" and a "SHOULD reset the stream if received" in the spec so that everyone acts correctly and people cannot develop such crap without noticing. Willy
Received on Wednesday, 2 July 2014 12:25:51 UTC