W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2020

Structured request headers deployment issues

From: Yoav Weiss <yoav@yoav.ws>
Date: Tue, 16 Jun 2020 00:15:06 +0200
Message-ID: <CACj=BEiT7GnKeS_2wFK8jL0jUFtFYoX-wvXnSsPO4nYJ5P=2bQ@mail.gmail.com>
To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Cc: Mark Nottingham <mnot@mnot.net>, Tommy Pauly <tpauly@apple.com>, Ilya Grigorik <igrigorik@gmail.com>, Mike West <mkwst@google.com>
Hey all,

Chromium M84 (which Chrome equivalent is now in Beta) has User-Agent Client
Hints enabled by default, which is using Structured Headers.

As a result of that, we found multiple sites
<https://bugs.chromium.org/p/chromium/issues/detail?id=1091285> which seem
to have a somewhat allergic reaction to the presence of certain characters
(that are part of the SH format) in request values.
While each site in question is different (in what appears to be coming from
different stacks), we've seen sites that reject requests with quotes,
question marks or equals signs in them.
It's still early, so it's hard to know how widespread the issue is, but we
seem to be adding sites to the list at a faster pace than the pace of
removing fixed ones from it.

So, I wanted to give this group a heads-up on that front, and maybe get
folks' opinions regarding possible things we could do on that front, other
than outreach and waiting for said sites to fix themselves.

Cheers,
Yoav
Received on Monday, 15 June 2020 22:15:38 UTC

This archive was generated by hypermail 2.4.0 : Monday, 15 June 2020 22:15:42 UTC