Timestamp:
30/01/14 00:34:05 (7 years ago)
Author:
fielding@…
Message:

(editorial) remove redundant ought to receive unbounded lengths that is covered by 2.5; note the security consideration regarding ignored header fields; see #531

File:
1 edited

  • draft-ietf-httpbis/latest/p1-messaging.xml

    r2604 r2605  
    11501150</t>
    11511151<t>
    1152    HTTP does not place a pre-defined limit on the length of a request-line.
     1152   HTTP does not place a pre-defined limit on the length of a request-line,
     1153   as described in <xref target="conformance"/>.
    11531154   A server that receives a method longer than any that it implements
    11541155   &SHOULD; respond with a <x:ref>501 (Not Implemented)</x:ref> status code.
    1155    A server ought to be prepared to receive URIs of unbounded length, as
    1156    described in <xref target="conformance"/>, and &MUST; respond with a
    1157    <x:ref>414 (URI Too Long)</x:ref> status code if the received
    1158    request-target is longer than the server wishes to parse (see &status-414;).
     1156   A server that receives a request-target longer than any URI it wishes to
     1157   parse &MUST; respond with a
     1158   <x:ref>414 (URI Too Long)</x:ref> status code (see &status-414;).
    11591159</t>
    11601160<t>
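Review bot: In the rewritten 414 sentence (new lines 1156-1158), "a request-target longer than any URI it wishes to parse" compares the request-target against a URI, while the removed text measured the request-target itself ("longer than the server wishes to parse"). Suggest "a request-target longer than it wishes to parse" so the &MUST; reads the same whatever form the request-target takes. The unbounded-length statement now survives only through the xref to "conformance" attached to the request-line sentence, so it is worth confirming that the referenced section covers the request-target as well as the request-line.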
     
    14311431</t>
    14321432<t>
    1433    A server ought to be prepared to receive request header fields of unbounded
    1434    length and &MUST; respond with an appropriate
    1435    <x:ref>4xx (Client Error)</x:ref> status code if the received header
    1436    field(s) are larger than the server wishes to process.
    1437 </t>
    1438 <t>
    1439    A client ought to be prepared to receive response header fields of
    1440    unbounded length.
     1433   A server that receives a request header field, or set of fields, larger
     1434   than it wishes to process &MUST; respond with an appropriate
     1435   <x:ref>4xx (Client Error)</x:ref> status code. Ignoring such header fields
     1436   would increase the server's vulnerability to request smuggling attacks.
     1437</t>
     1438<t>
    14411439   A client &MAY; discard or truncate received header fields that are larger
    14421440   than the client wishes to process if the field semantics are such that the
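Review bot: The new rationale at new lines 1435-1436, "Ignoring such header fields would increase the server's vulnerability to request smuggling attacks", names the attack without a cross-reference, whereas the 414 sentence earlier in this change points the reader onward with "(see &status-414;)". Suggest adding an xref to the section that covers request smuggling so an implementer can see why silently skipping an oversized field is unsafe. The server sentence also mentions only ignoring, while the client paragraph that follows permits "discard or truncate"; it would help to state whether a server truncating an oversized request field falls under the same &MUST; respond with 4xx.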