- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 10 Apr 2014 09:47:56 +1000
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Boris Zbarsky <bzbarsky@mit.edu>, "public-webappsec@w3.org" <public-webappsec@w3.org>
That language isn’t quite right; as I think / hope I said before, ‘representation’ encompasses content-codings. I think you need something more like this: —8<— The hash is calculated against the representation <http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-26#section-3.1.1.5> without any content-codings applied, except when there is an explicit flag that the content is to be consumed with content-encodings (e.g., saving a gzip’d file to disk). —>8--- Cheers, On 10 Apr 2014, at 3:39 am, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > > Sites do that sort of thing all the time. _All_ the time... > > hahahaha.. ok. I bow to your far more extensive experience with all this :) > > I am going to wait a few days in case anyone else wants to chime in, else I will modify the spec to say what you are pushing for. See previous email if you want to see the text again http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0047.html > > thanks > dev -- Mark Nottingham http://www.mnot.net/
Received on Wednesday, 9 April 2014 23:48:25 UTC