> On Oct 15, 2016, at 2:10 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > On Sat, Oct 15, 2016 at 3:54 AM, William A Rowe Jr <wr...@rowe-clan.net > <mailto:wr...@rowe-clan.net>> wrote: > On Fri, Oct 14, 2016 at 4:44 PM, Roy T. Fielding <field...@gbiv.com > <mailto:field...@gbiv.com>> wrote: > Right, though several people have requested it now as errata. Seems likely to > be in the final update for STD. > > In the HttpProtocolOptions Unsafe mode, it is tolerated. > > Should it be the proper 'Strict' behavior to parse (never generate) such > noise? > > FWIW, I see very little harm in potentially unsafe chunk headers because > it becomes a serious chore to inject between alternating \r-only vs \n-only > vs space trailing chunk headers. I'm not suggesting it can't be done, but > most requests-with-body are intrinsically not idempotent, so one must be > extremely clever to affect cache history. > > But it isn't impossible, so if the editors follow the way of BWS vs. follow > the absolute explicit statements about HTTP request field names and > the trailing ':', I'd be somewhat disappointed. Tighten ambiguity where > there was little ambiguity before. Make explicit the real ambiguity for > all user-agents and servers to implement. /shrug.
We tried. People complained. In any case, BWS only includes *( SP / HTAB ). Not much ambiguity there. ....Roy