On Wed, Nov 18, 2009 at 9:19 PM, Robert Collins <[email protected]> wrote: > On Wed, 2009-11-18 at 16:12 -0600, Edwin Grubbs wrote: >> >> Leonard already mentioned HTTP Pipelining, but I didn't see any >> explanation why we wouldn't want to use that instead of our own custom >> header processing. > > Don't use or depend on HTTP pipelining. > > Its a security and correctness nightmare. > > -Rob
Since you didn't define which security and correctness nightmares that HTTP pipelining introduces, I tried to google for an answer. All I could find were criticisms that pipeling would make it hard to detect DOS attacks and that its performance improvements are limited because the spec requires that the responses are sent in the same order as the requests, which can prevent quick results from being sent before slow results are finished. Rolling our own solution would allow us to circumvent pipelining's ordering requirement, but I am wondering if we will run into all of its other drawbacks such as networking equipment servers handling more and more long running connections. I stumbled upon an interesting proof of concept of this idea. The DUI.Stream javascript library actually parses each chunk of data as it comes in by polling the request.responseText attribute every 15ms after the request enters the LOADING state. It expects the response to be in multipart/mixed mime format. http://about.digg.com/blog/duistream-and-mxhr -Edwin _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
