- From: sleevi <notifications@github.com>
- Date: Thu, 24 May 2018 06:03:33 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 24 May 2018 13:03:56 UTC
@annevk My quick read is that infrastructure would have the same problem - if a field isn’t defined as a list, you don’t trigger the parse as list, so you end up with a semantic transformation. I honestly don’t know what the expected norm is - my understanding was that middleboxes should not transform unrecognized headers and can only transform `#list` headers, so this would be a non-issue. If that is not a reasonable assumption, and certainly this header isn’t using the token syntax, then it seems like the URL parser should support `%`-escape sequences in the entirety of the URL, and the header use that form? It just seems that disallowing commas would have the goal of making the ACAO invalid, which may be a safer failure mode for this header, but does that mean that `,` is forbidden or just needs to be percent-escaped? And if the latter, does that mean it also has to be percent-escaped if new headers use quoted-string and don’t have this issue? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/390#issuecomment-391706626
Received on Thursday, 24 May 2018 13:03:56 UTC