Opened 10 years ago
Closed 10 years ago
#412 closed design (fixed)
SP and HT when being tolerant
Reported by: | mnot@… | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | 22 |
Component: | p1-messaging | Severity: | Active WG Document |
Keywords: | Cc: |
Description
3.1.1 Request Line and 3.1.2 Status line -- RFC2616 specifically allowed multiple SP and HT in these constructs --
Clients SHOULD be tolerant in parsing the Status-Line and servers tolerant when parsing the Request-Line. In particular, they SHOULD accept any amount of SP or HT characters between fields, even though only a single SP is required. (19.3 Tolerant Applications)
Yet this text seems to have been lost. Given that HT isn't even in the BNF, it should still be somewhere.
Change History (6)
comment:1 Changed 10 years ago by fielding@…
comment:2 Changed 10 years ago by fielding@…
In other words, we could change
request-line = method SP request-target SP HTTP-version CRLF
to
request-line = CRLF* BWS method SP BWS request-target SP BWS HTTP-version BWS CRLF
if we want the old 2616 robustness rules in the grammar. Personally, I'd rather not.
comment:3 Changed 10 years ago by fielding@…
From [2028]:
Expand on message parsing robustness regarding whitespace. Clarify that whitespace-delimited parsing by recipients is allowed.
Add requirement on recipients of whitespace between start-line and first header field to be consistent with implementations and safe from the header spoofing issues.
Reduce ABNF conformance by recipients to a SHOULD.
comment:4 Changed 10 years ago by fielding@…
- Component changed from non-specific to p1-messaging
- Milestone changed from unassigned to 22
- Resolution set to incorporated
- Status changed from new to closed
comment:5 Changed 10 years ago by mnot@…
- Resolution incorporated deleted
- Status changed from closed to reopened
comment:6 Changed 10 years ago by mnot@…
- Resolution set to fixed
- Status changed from reopened to closed
I thought we removed this requirement on purpose. Specifically, no known client sends extra spaces or HTABs. We could add them to BWS and spread that around a bit more.