W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

[clear-site-data] header field syntax

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 5 Aug 2015 21:15:32 +0200
To: public-webappsec@w3.org
Message-ID: <55C260D4.7090001@gmx.de>
Hi there,

on <http://www.w3.org/TR/2015/WD-clear-site-data-20150804/#header>...:

I'm concerned that this is yet another complex header field syntax that 
requires a custom parser to handle properly. Please consider reusing the 
syntax of something that already exists, such as "Prefer", or to adopt 
JSON (see 
<http://greenbytes.de/tech/webdav/draft-reschke-http-jfv-latest.html>).

Also please have a look at 
<http://greenbytes.de/tech/webdav/rfc7231.html#considerations.for.new.header.fields>.

Nits:

- just define the field *value*; not the complete header field including 
the name; in particular, leading and trailing whitespace aren't supposed 
to be in the field value syntax (they are handled by the message header 
parser)

- don't mix syntax with predefined keyword strings; just define the 
overall syntax and then name the current keywords (and add 
considerations for extensions - must ignore vs must understand etc)

- allowing "extension" to contain whitespace seems weird to me; it would 
be better to just adopt HTTP's token/quoted-string throughout.

Best regards, Julian
Received on Wednesday, 5 August 2015 19:16:05 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC