Re: [CSP] URI/IRI normalization and comparison

On Wed, Nov 12, 2014 at 9:40 AM, Brian Smith <> wrote:
> If you get a garbage Location like that for anything other than a
> redirect, you just ignore it. When you get a garbage Location like
> that for a redirect, you probably should just show an error page,
> though you'd have to do a survey of browser implementations to know
> for sure what to do.

As far as I know, and I have tested these things, is that we need to
follow it per how I described it.

> In other words, when processing URLs in HTTP headers, in general you
> need to deal with the URL according to RFC 3986 rules at the HTTP
> level, and deal with the URL using HTML5 rules at the HTML level.

That is nonsense.

E.g. we are required to support (note the space)

  Location: /x x/

in HTTP. We don't use a different URL parser for HTTP.


Received on Wednesday, 12 November 2014 08:55:58 UTC