- From: Willy Tarreau <w@1wt.eu>
- Date: Tue, 24 Aug 2021 08:24:13 +0200
- To: Martin Thomson <mt@lowentropy.net>
- Cc: ietf-http-wg@w3.org
On Tue, Aug 24, 2021 at 01:49:38PM +1000, Martin Thomson wrote: > We previously prohibited connection-specific in HTTP/2, but we only really pointed at those listed in Connection. As the core drafts list a set of other fields, it makes sense to reference that. > > The core spec: https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#field.connection > The pull request referencing that: https://github.com/httpwg/http2-spec/pull/946 > > The effect of this is a change. This explicitly includes the fields listed (Proxy-Connection, Keep-Alive, TE, Transfer-Encoding, and Upgrade) as prohibited. We already said that Transfer-Encoding was impossible, so this is consistent with that, but this could be a change. > > Any objections or concerns? Be careful here, "TE" is both listed as forbidden (must be treated as malformed) and "must not contain any value other than trailers". As such I'd remove it from the explicit list, as it's already implied by the general wording. It's not explicitly mentioned that Connection is forbidden, it's only said "not used", which remains ambiguous to me since the list focuses on those that are not listed in Connection. I'd rather explicitly add it to the list of forbidden ones, especially since the sentence about intermediaries that have to remove connection-specific header fields does not mention anymore "along with the connection header itself", so the risk of seeing a connection header field appear somewhere on an H2 connection without being filtered is non-zero. Willy
Received on Tuesday, 24 August 2021 06:24:32 UTC