- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Mon, 7 Aug 2017 08:15:48 +0200
- To: Willy Tarreau <w@1wt.eu>
- Cc: Mark Nottingham <mnot@mnot.net>, Cory Benfield <cory@lukasa.co.uk>, Daniel Stenberg <daniel@haxx.se>, Adrien de Croy <adrien@qbik.com>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
+1 > Am 06.08.2017 um 22:19 schrieb Willy Tarreau <w@1wt.eu>: > >> On Sun, Aug 06, 2017 at 11:26:41PM +0800, Mark Nottingham wrote: >> This thread makes me wonder if we can't improve things slightly in HTTPtre. E.g., we could say: >> >>> A header field MUST NOT appear in trailers unless its definition allows it. >>> Receiving implementations MUST ignore header fields appearing in trailers >>> when their definitions do not allow it. >> >> ... with an appropriate column in the header field registry to record this. I >> don't think this would break any existing implementations, because trailers >> are so seldom used right now, and I think there's a strong argument that this >> is the case anyway; the consuming application has to expect something in >> trailers to act upon it. > > I think it's a good idea. Ie: if the consumer didn't expect to process them, > they will indeed be ignored so it's pointless for the sender to send random > ones there. So ensuring that they're not mixed with the others in case of > mistake or malicious attempt seems reasonable to me. > > Willy >
Received on Monday, 7 August 2017 06:16:14 UTC