On Mon, Oct 17, 2016 at 1:48 PM, Roy T. Fielding <[email protected]> wrote:
> On Oct 15, 2016, at 2:10 AM, William A Rowe Jr <[email protected]> > wrote: > > On Sat, Oct 15, 2016 at 3:54 AM, William A Rowe Jr <[email protected]> > wrote: > >> On Fri, Oct 14, 2016 at 4:44 PM, Roy T. Fielding <[email protected]> >> wrote: >> >>> Right, though several people have requested it now as errata. Seems >>> likely to be in the final update for STD. >>> >> >> In the HttpProtocolOptions Unsafe mode, it is tolerated. >> >> Should it be the proper 'Strict' behavior to parse (never generate) such >> noise? >> > > FWIW, I see very little harm in potentially unsafe chunk headers because > it becomes a serious chore to inject between alternating \r-only vs > \n-only > vs space trailing chunk headers. I'm not suggesting it can't be done, but > most requests-with-body are intrinsically not idempotent, so one must be > extremely clever to affect cache history. > > But it isn't impossible, so if the editors follow the way of BWS vs. > follow > the absolute explicit statements about HTTP request field names and > the trailing ':', I'd be somewhat disappointed. Tighten ambiguity where > there was little ambiguity before. Make explicit the real ambiguity for > all user-agents and servers to implement. /shrug. > > > We tried. People complained. > > In any case, BWS only includes *( SP / HTAB ). Not much ambiguity there. > Fair enough. There is no BWS allowed at present, nor a bare CR or LF, at this point. httpd is free to respond with any action it likes. The original and distributed behaviors allow CRLF or LF, CR followed by other than LF was disallowed. The new trunk behavior disallows a bare LF also. The original action was *(SP / HTAB), the distributed behavior restricts this to 10 SP/HTAB characters, the new trunk behavior disallows SP / HTAB between the final hex digit and ';' delimiter. Note that we don't support the true *(SP / HTAB) rule by limiting it very severely. I favor leaving the new no-space-tolerance rule but will accept the group's choices, Roy appears to concede to accepting some BWS. I guess a quick poll is in order... opinions?
