Re: JSON headers

On Fri, Jul 8, 2016 at 11:44 AM, Phil Hunt <> wrote:
> Not sure if this has been discussed. One of the biggest problems with HTTP
> request signing has been repeat headers. It presents problem of detecting
> which headers are intended and which header was signed first.
> It would be nice if the JSON encoding handled arrays so that the demand for
> duplicate headers is removed.  Signing could then be more successful and
> could even stipulate that the presence of a repeat header in a signed
> request is a failure condition.

JSON doesn't help with this, as key order in objects (as opposed to
lists) is not required or defined.
Different programming languages behave differently here when
iterating. PHP preserves definition order, python orders by hash of
the key, and Go randomises the  order (to prevent accidental
Parsing JSON into native form and writing it out again makes key order
As http headers have order dependent behaviour, this is a problem with
replacing the key: value with JSON.

Received on Saturday, 9 July 2016 21:52:23 UTC