W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2021

Re: HTTP request validation guidelines for implementers

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 9 Jul 2021 20:45:29 +0200
To: ietf-http-wg@w3.org
Message-ID: <d0f5c770-4b43-b96f-28c0-318d0795e345@gmx.de>
Am 09.07.2021 um 19:51 schrieb João Penteado:
> ...
> 2. If the most servers out there adopt the same validation order, clients will
> gain additional information unavailable before. If, for instance, every server
> checks URI length before checking payload size, and I get a "413 Request Entity
> Too Large" error, I would know for sure that my URI length is fine and all the
> previous checks passed successfully.
> ...

You lost me here.

If a client sends both a too large URI *and* a too large request body,
why does it matter in practice which one is reported first? At the end
of the day, to fix the issue, both problems need to be resolved, no?

Best regards, Julian
Received on Friday, 9 July 2021 18:45:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 9 July 2021 18:45:52 UTC