- From: Mark Nottingham <notifications@github.com>
- Date: Thu, 09 Jul 2015 00:37:37 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/34/119857226@github.com>
@rsleevi - I'm reading in a hurry in an airport lounge, but with the caveat, it feels like you're arguing against something that is not this proposal. AIUI this bug is not proposing that trailers be folded into existing headers willy-nilly (which indeed would be insane); rather, it's making them available to applications that specify the use of trailers, and (presumably) understand the various security risks. Now, one might argue that trailers are Just Too Dangerous to expose to *any* application, even with full knowledge. However, I'd find this a might curious place to draw that line, given where we're at. To give an example, I received an e-mail from one of your Googly brethren just yesterday asking about how to put a digest into trailers for integrity checking purposes. I'd design that by defining a header that communicates the algorithm, and a trailer that carries the actual digest. Are there security and interoperability issues in that use case? Certainly, but it's not being designed without trailers in mind. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/34#issuecomment-119857226
Received on Thursday, 9 July 2015 07:38:09 UTC