On Wed, 13 Sep 2017 08:29:44 -0500 William A Rowe Jr <wr...@rowe-clan.net> wrote:
> So moving forwards, can we stop accepting stuff that isn't HTTP/1.1 in > our HTTP/1.1 server? Do we really want people to configure their > server to speak "other"? Did you mean to say "stop accepting ..."? > I'm starting to collect https://wiki.apache.org/httpd/Applications > based on searching google for instances where users have toggled > HttpProtocolOptions Unsafe, in response to specific application > behavior. Perhaps a useful exercise, but could take us in to a bad cycle of application workarounds that long-outlive the application being fixed. > From this list, we might decide to allow non-HTTP/1.1 input in > specific cases, and perhaps have multiple grades of protocol > correctness, as I first proposed. You mean something like Options or AllowOverride? Things that looked like a good idea at the time but led to all sorts of issues as the server evolved! OK, perhaps that's unduly harsh: this will be less problematic to maintain. Are you enumerating cases? -- Nick Kew
