Re: [CTG] Alteration of header fields (4.1.5) / inconsistencies

Eduardo Casais wrote:
>> - any other header that could be changed by a "regular" 
>> proxy?
> In the context of requests, at least the following header fields might undergo modifications: Content-Length, Content-Encoding, and Warning. 
> Scenario: From RFC2616 14.11, a non-transparent proxy may change the encoding of the body. In a POST request, this implies that the Content-Length and Content-Encoding must be adjusted accordingly, and a Warning header field must be inserted or extended.
> In the context of CT-proxies, it is easy to envision further modifications of the request body that would entail modification of the aforementioned header fields. 
> Which means that the proposed resolution:
>> "Proxies SHOULD NOT change headers other than
>> User-Agent and Accept(-*) headers, and 
>> X-Forwarded-For and Via as noted under 4.1.6
>> Additional HTTP Headers if already present, and MUST
>> NOT delete headers.
> leads to a further inconsistency, as per the scenario above...

Good point.

Then maybe we should try to focus on what we're trying to solve with:
  "Proxies SHOULD NOT change headers other than User-Agent and
Accept(-*) headers".

I think most if not all of the problems introduced by CT-proxies on the
request side originate from the modification of the User-Agent and
Accept(-*) headers (and to a lesser extent from the suppression of some
HTTP headers). The statement seems mostly useless in that regard.

I think that what we want to say is:
  * User-Agent and Accept(-*) headers may only be changed in the cases
envisioned by the 3 points of the list
  * HTTP headers must not be deleted
  * it must be possible to reconstruct the original User-Agent and
Accept(-*) headers.
  * as far as the other HTTP headers are concerned, leave it up to the HTTP

In short, I propose something along the lines of:
  Proxies SHOULD NOT modify the User-Agent and Accept(-*) headers unless:
   [list of 3 possibilities, possibly amending the third one]
  Proxies MUST NOT delete headers.
  It MUST be possible to reconstruct the original User-Agent and
Accept(-*) headers (see

... and propose to adjust the wording of section consequently
only to refer to User-Agent and Accept(-*) headers (which we have to do
anyway if we are to register the X-Device-* headers in any proper way)

If deemed necessary, we may add another reference to the RFC HTTP.

I'm sure I forgot something important here. What is it? ;-)


Received on Monday, 1 December 2008 13:43:21 UTC