Re: JSON headers

In message <>, Julian Reschke
>On 2016-07-08 20:44, Phil Hunt wrote:
>> Not sure if this has been discussed. One of the biggest problems with
>> HTTP request signing has been repeat headers. It presents problem of
>> detecting which headers are intended and which header was signed first.
>> It would be nice if the JSON encoding handled arrays so that the demand
>> for duplicate headers is removed.  Signing could then be more successful
>> and could even stipulate that the presence of a repeat header in a
>> signed request is a failure condition.
>> ...
>FWIW, duplicate headers aren't really needed, when the header field was 
>defined properly (so the only problem is Set-Cookie, see 

I'll second the call for a blanket ban on repeat headers if they
use the new (JSON-)syntax.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 10 July 2016 08:05:27 UTC