- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 18 Jun 2020 12:59:07 +0200
- To: Yoav Weiss <yoav@yoav.ws>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
- Cc: Mark Nottingham <mnot@mnot.net>, Tommy Pauly <tpauly@apple.com>, Ilya Grigorik <igrigorik@gmail.com>, Mike West <mkwst@google.com>
On 16.06.2020 00:15, Yoav Weiss wrote: > Hey all, > > Chromium M84 (which Chrome equivalent is now in Beta) has User-Agent > Client Hints enabled by default, which is using Structured Headers. > > As a result of that, we found multiple sites > <https://bugs.chromium.org/p/chromium/issues/detail?id=1091285> which > seem to have a somewhat allergic reaction to the presence of certain > characters (that are part of the SH format) in request values. > While each site in question is different (in what appears to be coming > from different stacks), we've seen sites that reject requests with > quotes, question marks or equals signs in them. > It's still early, so it's hard to know how widespread the issue is, but > we seem to be adding sites to the list at a faster pace than the pace of > removing fixed ones from it. > > So, I wanted to give this group a heads-up on that front, and maybe get > folks' opinions regarding possible things we could do on that front, > other than outreach and waiting for said sites to fix themselves. > ... Thanks for the heads up. It would be a really bad outcome if that meant that we can't define new request header fields using certain delimiters in their values. That said, the latest change on the ticket appears to be from Monday, so maybe the situation is not as bad as you feared? Best regards, Julian
Received on Thursday, 18 June 2020 10:59:31 UTC