- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 7 Sep 2016 17:32:42 +0200
- To: Mike West <mkwst@google.com>
- Cc: "Emily Stark (Dunn)" <estark@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Francois Marier <francois@mozilla.com>, Franziskus Kiefer <fkiefer@mozilla.com>
On Wed, Sep 7, 2016 at 2:08 PM, Mike West <mkwst@google.com> wrote: > I think the more general question is how we'd like to define header syntax > going forward. The HTTP WG in the IETF seems less keen on JSON than I'd > originally thought (http://httpwg.org/http-extensions/jfv.html being more of > an indication that "Some structure would be nice!" rather than a ringing > endorsement of JSON in and of itself). Still, my impression is that JSON is > something that developers understand, and have lots of tooling to support. However, JSON on the web thus far is bound to UTF-8. In HTTP you'd be bound to code points in the range U+0000 to U+00FF, inclusive (with some whitespace and maybe control code point exceptions, unclear). So it's not a straightforward mapping nor could you use your normal serialization tools, etc. I tend to agree that HTTP should get a better story for header parsing, but if the HTTP WG is not behind this strategy and it has some complications, I'm not sure why we should try to push it through. > Given that background, I'd suggest it would be prudent to define header > syntax that's forward-compatible with structured languages like JSON. > Quoting the referrer policy values does that pretty cleanly. I think it's > worth making the change. -- https://annevankesteren.nl/
Received on Wednesday, 7 September 2016 15:33:07 UTC