- From: Greg Wilkins <gregw@webtide.com>
- Date: Mon, 23 Aug 2021 18:15:57 +1000
- To: Martin Thomson <mt@lowentropy.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Roy Fielding <fielding@gbiv.com>
Received on Monday, 23 August 2021 08:16:21 UTC
On Mon, 23 Aug 2021 at 15:06, Martin Thomson <mt@lowentropy.net> wrote:
> It seems like the allowed characters in fields is a gift that keeps on
> giving.
>
My wife tells me that now I know what it feels like to be a woman in
technology.... say something over and over for ages and people take little
notice... but when some dude called Roy says it everybody says "oh yeah!!"
:)
> Roy opened https://github.com/httpwg/http2-spec/issues/902 asking about
> DQUOTE and "(),/:;<=>?@[]{}".
The text is here:
> https://httpwg.org/http2-spec/draft-ietf-httpbis-http2bis.html#name-field-validity
I'm not sure that https://github.com/httpwg/http2-spec/pull/936/files
actually resolves the concerns Roy raises in #902.
Roy asks (as I did) why are we allowing any of these non valid HTTP
characters to be considered possibly valid (or just not invalid) in h2? I
think to really address #902 then the "MAY treat non valid HTTP characters
as malformed" needs to at least be upgraded to a SHOULD.
If we really REALLY need to allow some implementation to accept some
non-valid HTTP characters, then having something along the lines of what
Willy suggests that has a "MUST NOT generate invalid HTTP" would go a long
way to satiate
cheers
--
Greg Wilkins <gregw@webtide.com> CTO http://webtide.com
Received on Monday, 23 August 2021 08:16:21 UTC