- From: Mike West <mkwst@google.com>
- Date: Sun, 9 Aug 2015 09:31:34 +0200
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=czDtmPm7ePQJ9+Jss6DOefpHWdve=hRioXUFbkHRHCww@mail.gmail.com>
Hey Julian! Thanks for the feedback! On Wed, Aug 5, 2015 at 9:15 PM, Julian Reschke <julian.reschke@gmx.de> wrote: > Hi there, > > on <http://www.w3.org/TR/2015/WD-clear-site-data-20150804/#header>...: > > I'm concerned that this is yet another complex header field syntax that > requires a custom parser to handle properly. Please consider reusing the > syntax of something that already exists, such as "Prefer" I'm trying to parse the `Prefer` ABNF (defined in http://tools.ietf.org/html/rfc7240#section-2). It says that `token` and `word` are defined within Sections 3.2.1 and 3.2.4 of [RFC7230], but they don't appear to actually be defined there. Can you point me to the correct reference (I assume `token` is from http://tools.ietf.org/html/rfc7230#section-3.2.6, but I can't find `word`)? > or to adopt JSON (see < > http://greenbytes.de/tech/webdav/draft-reschke-http-jfv-latest.html>). > Hrm. The response to this seemed mixed at the workshop (though I came into the presentation late). How much support is there in general? Would this be the only JSON header? I'd prefer not to break new ground in header syntax... :) > > Also please have a look at < > http://greenbytes.de/tech/webdav/rfc7231.html#considerations.for.new.header.fields > >. > > Nits: > > - just define the field *value*; not the complete header field including > the name; in particular, leading and trailing whitespace aren't supposed to > be in the field value syntax (they are handled by the message header parser) > > - don't mix syntax with predefined keyword strings; just define the > overall syntax and then name the current keywords (and add considerations > for extensions - must ignore vs must understand etc) > > - allowing "extension" to contain whitespace seems weird to me; it would > be better to just adopt HTTP's token/quoted-string throughout. These are super helpful, thank you. ABNF is not my strong point, obviously. -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Sunday, 9 August 2015 07:32:23 UTC