- From: Willy Tarreau <w@1wt.eu>
- Date: Fri, 6 Aug 2021 08:56:48 +0200
- To: Nick Harper <ietf@nharper.org>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Martin Thomson <mt@lowentropy.net>
On Thu, Aug 05, 2021 at 10:10:21PM -0700, Nick Harper wrote: > On Thu, Aug 5, 2021 at 9:57 PM Willy Tarreau <w@1wt.eu> wrote: > > > On Thu, Aug 05, 2021 at 09:01:33PM -0700, Nick Harper wrote: > > > I see that draft-ietf-httpbis-http2bis-03 has new > > > language to mostly cover that issue. I say "mostly" because I don't see > > any > > > specification of what should happen if multiple :authority pseudo-headers > > > are present. (I would argue that that is a malformed request.) > > > > Yep it's malformed. In 7540#8.1.2.3, it was already said: > > > > All HTTP/2 requests MUST include exactly one valid value for the > > ":method", ":scheme", and ":path" pseudo-header fields, ... > > > > Unless I'm misreading something, that only covers some pseudo-headers, but > it doesn't include :authority. (The same language missing :authority is in > http2bis section 8.3.1.) Indeed, you're absolutely right, I never noticed that. This perfectly illustrates what I mentioned regarding detailed enumeration versus intent. I summarized that by making sure no pseudo-header could appear more than once (and of course making sure all those above are present) but I made my implementation resistant against this by pure accident :-/ Willy
Received on Friday, 6 August 2021 06:57:10 UTC