W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: h2 header field names

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 4 Sep 2014 15:23:04 +0200
To: Julian Reschke <julian.reschke@greenbytes.de>
Cc: Mark Nottingham <mnot@mnot.net>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Martin Thomson <martin.thomson@gmail.com>, Roy Fielding <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20140904132304.GA9503@1wt.eu>
On Thu, Sep 04, 2014 at 03:18:56PM +0200, Julian Reschke wrote:
> On 2014-09-04 14:07, Mark Nottingham wrote:
> >
> >On 4 Sep 2014, at 3:02 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> >
> >>But I havn't seen *anybody* say that need to be able to put NUL,
> >>STX or ANSI-escape sequences in HTTTP headers, so I don't understand
> >>why can't we outlaw them in HTTP/2.0, even if we don't settle the
> >>ASCII/UTF-8 question yet ?
> >>
> >>IMO nothing *in* the headers should contain 0x00-0x1f or 0x7f.
> >>
> >>What makes that decision impossible ?
> >
> >Didn?t say it was. What do people think?
> 
> They are disallowed in HTTP/1.1 (MUST NOT send...), so I think it would 
> be good to disallow them in HTTP/2 (hard fail?) as well.

+1

Willy
Received on Thursday, 4 September 2014 13:23:44 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC