Changeset 269


Ignore:
Timestamp:
Jun 20, 2008, 9:48:20 AM (11 years ago)
Author:
julian.reschke@…
Message:

Resolve #121: RFC 2183 replaced RFC 1806, only cite the newer one (closes #121).

Location:
draft-ietf-httpbis/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p3-payload.html

    r268 r269  
    474474         <tr>
    475475            <td class="header left"></td>
    476             <td class="header right">June 19, 2008</td>
     476            <td class="header right">June 20, 2008</td>
    477477         </tr>
    478478      </table>
     
    13501350      </p>
    13511351      <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a>&nbsp;<a id="content-disposition.issues" href="#content-disposition.issues">Content-Disposition Issues</a></h2>
    1352       <p id="rfc.section.8.2.p.1"> <a href="#RFC1806" id="rfc.xref.RFC1806.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>, from which the often implemented Content-Disposition (see <a href="#content-disposition" id="rfc.xref.content-disposition.2" title="Content-Disposition">Appendix&nbsp;B.1</a>) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the
    1353          HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See <a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> (which updates <a href="#RFC1806" id="rfc.xref.RFC1806.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>) for details.
     1352      <p id="rfc.section.8.2.p.1"> <a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, from which the often implemented Content-Disposition (see <a href="#content-disposition" id="rfc.xref.content-disposition.2" title="Content-Disposition">Appendix&nbsp;B.1</a>) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the
     1353         HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See <a href="http://tools.ietf.org/html/rfc2183#section-5">Section 5</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> for details.
    13541354      </p>
    13551355      <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;<a id="ack" href="#ack">Acknowledgments</a></h1>
     
    14371437      <h2 id="rfc.references.2"><a href="#rfc.section.10.2" id="rfc.section.10.2">10.2</a> Informative References
    14381438      </h2>
    1439       <table summary="Informative References">                           
    1440          <tr>
    1441             <td class="reference"><b id="RFC1806">[RFC1806]</b></td>
    1442             <td class="top"><a title="New Century Systems">Troost, R.</a> and <a title="QUALCOMM Incorporated">S. Dorner</a>, “<a href="http://tools.ietf.org/html/rfc1806">Communicating Presentation Information in Internet Messages: The Content-Disposition Header</a>”, RFC&nbsp;1806, June&nbsp;1995.
    1443             </td>
    1444          </tr>
     1439      <table summary="Informative References">                         
    14451440         <tr>
    14461441            <td class="reference"><b id="RFC1945">[RFC1945]</b></td>
     
    15921587      <p id="rfc.section.B.1.p.1">The Content-Disposition response-header field has been proposed as a means for the origin server to suggest a default filename
    15931588         if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition
    1594          in <a href="#RFC1806" id="rfc.xref.RFC1806.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header">[RFC1806]</cite></a>.
     1589         in <a href="#RFC2183" id="rfc.xref.RFC2183.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>.
    15951590      </p>
    15961591      <div id="rfc.figure.u.40"></div><pre class="inline"><span id="rfc.iref.g.33"></span><span id="rfc.iref.g.34"></span><span id="rfc.iref.g.35"></span><span id="rfc.iref.g.36"></span><span id="rfc.iref.g.37"></span><span id="rfc.iref.g.38"></span>  <a href="#content-disposition" class="smpl">content-disposition</a> = "Content-Disposition" ":"
     
    16881683      </ul>
    16891684      <h2 id="rfc.section.D.5"><a href="#rfc.section.D.5">D.5</a>&nbsp;<a id="changes.since.03" href="#changes.since.03">Since draft-ietf-httpbis-p3-payload-03</a></h2>
     1685      <p id="rfc.section.D.5.p.1">Closed issues: </p>
     1686      <ul>
     1687         <li> &lt;<a href="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121">http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121</a>&gt;: "RFC 1806 has been replaced by RFC2183"
     1688         </li>
     1689      </ul>
    16901690      <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1>
    16911691      <p>This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the
     
    18561856            <li class="indline0"><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul class="ind">
    18571857                  <li class="indline1"><em>RFC1766</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC1766.1">3.5</a>, <a class="iref" href="#RFC1766"><b>10.1</b></a></li>
    1858                   <li class="indline1"><em>RFC1806</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC1806.1">8.2</a>, <a class="iref" href="#rfc.xref.RFC1806.2">8.2</a>, <a class="iref" href="#RFC1806"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC1806.3">B.1</a></li>
    18591858                  <li class="indline1"><em>RFC1864</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC1864.1">6.8</a>, <a class="iref" href="#rfc.xref.RFC1864.2">6.8</a>, <a class="iref" href="#RFC1864"><b>10.1</b></a></li>
    18601859                  <li class="indline1"><em>RFC1945</em>&nbsp;&nbsp;<a class="iref" href="#RFC1945"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC1945.1">B</a></li>
     
    18771876                  <li class="indline1"><em>RFC2076</em>&nbsp;&nbsp;<a class="iref" href="#RFC2076"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC2076.1">B</a></li>
    18781877                  <li class="indline1"><em>RFC2119</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2119.1">1.1</a>, <a class="iref" href="#RFC2119"><b>10.1</b></a></li>
    1879                   <li class="indline1"><em>RFC2183</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.1">8.2</a>, <a class="iref" href="#RFC2183"><b>10.2</b></a></li>
     1878                  <li class="indline1"><em>RFC2183</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.1">8.2</a>, <a class="iref" href="#rfc.xref.RFC2183.2">8.2</a>, <a class="iref" href="#RFC2183"><b>10.2</b></a>, <a class="iref" href="#rfc.xref.RFC2183.3">B.1</a><ul class="ind">
     1879                        <li class="indline1"><em>Section 5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2183.2">8.2</a></li>
     1880                     </ul>
     1881                  </li>
    18801882                  <li class="indline1"><em>RFC2277</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2277.1">3.1</a>, <a class="iref" href="#RFC2277"><b>10.2</b></a></li>
    18811883                  <li class="indline1"><em>RFC2388</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2388.1">3.3.2</a>, <a class="iref" href="#RFC2388"><b>10.2</b></a></li>
  • draft-ietf-httpbis/latest/p3-payload.xml

    r268 r269  
    16241624<section title="Content-Disposition Issues" anchor="content-disposition.issues">
    16251625<t>
    1626    <xref target="RFC1806"/>, from which the often implemented Content-Disposition
     1626   <xref target="RFC2183"/>, from which the often implemented Content-Disposition
    16271627   (see <xref target="content-disposition"/>) header in HTTP is derived, has a number of very
    16281628   serious security considerations. Content-Disposition is not part of
    16291629   the HTTP standard, but since it is widely implemented, we are
    1630    documenting its use and risks for implementors. See <xref target="RFC2183"/>
    1631    (which updates <xref target="RFC1806"/>) for details.
     1630   documenting its use and risks for implementors. See <xref target="RFC2183" x:fmt="of" x:sec="5"/>
     1631   for details.
    16321632</t>
    16331633</section>
     
    20302030<references title="Informative References">
    20312031
    2032 <reference anchor="RFC1806">
    2033   <front>
    2034     <title abbrev="Content-Disposition">Communicating Presentation Information in Internet Messages: The Content-Disposition Header</title>
    2035     <author initials="R." surname="Troost" fullname="Rens Troost">
    2036       <organization>New Century Systems</organization>
    2037       <address><email>rens@century.com</email></address>
    2038     </author>
    2039     <author initials="S." surname="Dorner" fullname="Steve Dorner">
    2040       <organization>QUALCOMM Incorporated</organization>
    2041       <address><email>sdorner@qualcomm.com</email></address>
    2042     </author>
    2043     <date month="June" year="1995"/>
    2044   </front>
    2045   <seriesInfo name="RFC" value="1806"/>
    2046 </reference>
    2047 
    20482032<reference anchor="RFC1945">
    20492033  <front>
     
    24502434   means for the origin server to suggest a default filename if the user
    24512435   requests that the content is saved to a file. This usage is derived
    2452    from the definition of Content-Disposition in <xref target="RFC1806"/>.
     2436   from the definition of Content-Disposition in <xref target="RFC2183"/>.
    24532437</t>
    24542438<figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="content-disposition"/><iref primary="true" item="Grammar" subitem="disposition-type"/><iref primary="true" item="Grammar" subitem="disposition-parm"/><iref primary="true" item="Grammar" subitem="filename-parm"/><iref primary="true" item="Grammar" subitem="disp-extension-token"/><iref primary="true" item="Grammar" subitem="disp-extension-parm"/>
     
    26382622<section title="Since draft-ietf-httpbis-p3-payload-03" anchor="changes.since.03">
    26392623<t>
    2640 </t>
    2641 </section>
     2624  Closed issues:
     2625  <list style="symbols">
     2626    <t>
     2627      <eref target="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/121"/>:
     2628      "RFC 1806 has been replaced by RFC2183"
     2629    </t>
     2630  </list>
     2631</t>
     2632 </section>
    26422633
    26432634</section>
Note: See TracChangeset for help on using the changeset viewer.