Rejecting messages with illegal characters in header fields (was Re: h2 header field names) from Martin Thomson on 2014-09-04 (ietf-http-wg@w3.org from July to September 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 4 Sep 2014 11:20:14 -0700
To: Julian Reschke <julian.reschke@gmx.de>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnU1Uw-Ah1Z+aHat8C3yvE-NZ1c7MiQyq33Af38MfJpZmA@mail.gmail.com>

On 3 September 2014 23:53, Julian Reschke <julian.reschke@gmx.de> wrote:
> Wait! Percent-Encoded?

OK, then we treat header field values containing forbidden characters
as malformed?  That invalidates a non-zero number of requests that our
various test runs have detected, I think.  Are we OK with that?  I am,
but I'm not as naturally conservative as some folks here.

Received on Thursday, 4 September 2014 18:20:42 UTC