- From: Julian Reschke <julian.reschke@greenbytes.de>
- Date: Thu, 04 Sep 2014 15:18:56 +0200
- To: Mark Nottingham <mnot@mnot.net>, Poul-Henning Kamp <phk@phk.freebsd.dk>
- CC: Martin Thomson <martin.thomson@gmail.com>, Roy Fielding <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 2014-09-04 14:07, Mark Nottingham wrote: > > On 4 Sep 2014, at 3:02 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > >> But I havn't seen *anybody* say that need to be able to put NUL, >> STX or ANSI-escape sequences in HTTTP headers, so I don't understand >> why can't we outlaw them in HTTP/2.0, even if we don't settle the >> ASCII/UTF-8 question yet ? >> >> IMO nothing *in* the headers should contain 0x00-0x1f or 0x7f. >> >> What makes that decision impossible ? > > Didn’t say it was. What do people think? They are disallowed in HTTP/1.1 (MUST NOT send...), so I think it would be good to disallow them in HTTP/2 (hard fail?) as well. Best regards, Julian
Received on Thursday, 4 September 2014 13:19:29 UTC