- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 10 Jul 2016 08:04:59 +0000
- To: Julian Reschke <julian.reschke@greenbytes.de>
- cc: Phil Hunt <phil.hunt@oracle.com>, HTTP Working Group <ietf-http-wg@w3.org>
--------
In message <564a72e8-b9d3-1f9c-5982-48f2b07272e5@greenbytes.de>, Julian Reschke writes:
>On 2016-07-08 20:44, Phil Hunt wrote:
>> Not sure if this has been discussed. One of the biggest problems with
>> HTTP request signing has been repeat headers. It presents problem of
>> detecting which headers are intended and which header was signed first.
>>
>> It would be nice if the JSON encoding handled arrays so that the demand
>> for duplicate headers is removed. Signing could then be more successful
>> and could even stipulate that the presence of a repeat header in a
>> signed request is a failure condition.
>> ...
>
>FWIW, duplicate headers aren't really needed, when the header field was
>defined properly (so the only problem is Set-Cookie, see
><https://greenbytes.de/tech/webdav/rfc7230.html#field.order>).

I'll second the call for a blanket ban on repeat headers if they use
the new (JSON-)syntax.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 10 July 2016 08:05:27 UTC
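
The failure condition discussed in this thread, as an added example that is not part of the original message or of any draft it refers to: a verifier that refuses a signed request outright when a header covered by the signature appears more than once. The HMAC-SHA256 scheme, the `name: value` signing string, the key, and the header names are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread


class RepeatHeaderError(ValueError):
    """Raised when a header covered by the signature appears more than once."""


def signing_string(headers, signed_names):
    """Build the bytes to sign from a list of (name, value) pairs.

    A signed header that occurs more than once is a failure condition, so
    signer and verifier can never disagree on which copy was meant.
    """
    counts = Counter(name.lower() for name, _ in headers)
    lines = []
    for name in (n.lower() for n in signed_names):
        if counts[name] > 1:
            raise RepeatHeaderError(f"repeat header in signed request: {name}")
        if counts[name] == 0:
            raise KeyError(f"signed header missing: {name}")
        value = next(v for n, v in headers if n.lower() == name)
        lines.append(f"{name}: {value.strip()}")
    return "\n".join(lines).encode()


def sign(headers, signed_names, key=KEY):
    """Hex HMAC-SHA256 over the signing string (hypothetical scheme)."""
    return hmac.new(key, signing_string(headers, signed_names), hashlib.sha256).hexdigest()


def verify(headers, signed_names, signature, key=KEY):
    """Return True only if no signed header repeats and the MAC matches."""
    try:
        expected = sign(headers, signed_names, key)
    except (RepeatHeaderError, KeyError):
        return False
    return hmac.compare_digest(expected, signature)


# Constructed sample request: what the sender signed ...
SENT = [("Host", "example.org"), ("X-Account", "alice")]
SIGNED = ["host", "x-account"]
SIG = sign(SENT, SIGNED)
# ... and the same request with a second copy of a signed header added in transit.
RECEIVED = SENT + [("X-Account", "mallory")]
```

A verifier that instead checked only the first copy would accept `RECEIVED`, while an application reading the last copy would act on a value the signature never covered.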