- From: Julian Reschke <julian.reschke@greenbytes.de>
- Date: Sun, 10 Jul 2016 09:50:52 +0200
- To: Phil Hunt <phil.hunt@oracle.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 2016-07-08 20:44, Phil Hunt wrote: > Not sure if this has been discussed. One of the biggest problems with > HTTP request signing has been repeat headers. It presents problem of > detecting which headers are intended and which header was signed first. > > It would be nice if the JSON encoding handled arrays so that the demand > for duplicate headers is removed. Signing could then be more successful > and could even stipulate that the presence of a repeat header in a > signed request is a failure condition. > ... FWIW, duplicate headers aren't really needed, when the header field was defined properly (so the only problem is Set-Cookie, see <https://greenbytes.de/tech/webdav/rfc7230.html#field.order>). The current JFV spec uses JSON arrays as data mpdels, and thus maps well to the HTTP header field data model: 1. Ordering is significant 2. Values can appear in separate field values, or comma-delimited 3. Multiple values can be recombined using comma as delimiter etc. Best regards, Julian
Received on Sunday, 10 July 2016 07:51:26 UTC