W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Rejecting messages with illegal characters in header fields (was Re: h2 header field names)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 4 Sep 2014 11:28:52 -0700
Message-ID: <CABkgnnXOS4g21fuYG9XV4MsdZwfTKukrh=OsC=LFRq5YNHGXHA@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 4 September 2014 11:26, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2014-09-04 20:20, Martin Thomson wrote:
>> On 3 September 2014 23:53, Julian Reschke <julian.reschke@gmx.de> wrote:
>>> Wait! Percent-Encoded?
>> OK, then we treat header field values containing forbidden characters
>> as malformed?  That invalidates a non-zero number of requests that our
>> various test runs have detected, I think.  Are we OK with that?  I am,
>> but I'm not as naturally conservative as some folks here.
> I believe it's strictly better than rewriting to something the recipient
> doesn't exist...

I'm not sure about the strictly part, but if others are OK with this,
or I don't hear any objections, that's what I'll do.

An experiment might settle this, but I'm not sure if it's worthwhile.
Received on Thursday, 4 September 2014 18:29:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:37 UTC