On Aug 25, 2016 22:02, "William A Rowe Jr" <wr...@rowe-clan.net> wrote:
> 3. Do we need multiple layers of 'Strict'ness, or should there be a single toggle, or no toggle, no tolerant input at all in the next 2.2/2.4 releases? My thoughts on three toggles ran like this... Unsafe allows things httpd has offered which run counter to the current RFC723x series of specs. Admins supporting errant user-agents would unlock this alone. UnsafeWhitespace allows unusual whitespace defined in RFC7230 section 3.5 that httpd has permitted. It is cautioned against but doesn't fit that first pattern. If this is the only error encountered in a necessary user-agents, This is all the admin should permit. This is the easiest to fold into a general Unsafe flag. UnsafeURI might be the single most common error encountered, and flows from RFC3986's precise grammar. I expect more admins will have to permit this exception than either of the two above. Anyways, just wanted to share my thoughts on why two or three flags may be appropriate.