- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 13 Jan 2023 02:52:38 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 13 January 2023 10:52:51 UTC
The example is at https://httpwg.org/specs/rfc9110.html#rfc.section.14.1.2 (search for "1000 bytes"). HTTP 2616 allowed whitespace: * Before `=` * After `=` * Before `-` * After `-` * Before `,` * After `,` My inclination would be to keep doing that as browsers implemented that correctly and in theory HTTP does not make incompatible changes except if there is a security concern (and even then it's controversial), which I don't think there is in this case. Given that we only consume this for `blob:` URLs which is outside the realm of HTTP I think that is okay. At the same time, keeping it no-whitespace-allowed for CORS makes sense to me as in that case it's in the realm of HTTP so being stricter will result in more interoperability. Producing is already no-whitespace-allowed: https://fetch.spec.whatwg.org/#concept-request-add-range-header. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1070#issuecomment-1381651996 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/1070/1381651996@github.com>
Received on Friday, 13 January 2023 10:52:51 UTC