Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

field-value value space #215

Closed
annevk opened this issue Mar 28, 2019 · 9 comments
Closed

field-value value space #215

annevk opened this issue Mar 28, 2019 · 9 comments
Assignees

Comments

@annevk
Copy link
Contributor

annevk commented Mar 28, 2019

I mostly know about browsers and didn't test other clients. When sending browsers effectively allow all byte values, except 0x00, 0x0A, and 0x0D.

When receiving 0x00 is also allowed, though Chrome started outlawing that recently and it seems like it might stick.

As far as I can tell field-value is quite a bit more restrictive. I wonder whether that should be reconsidered.

(I originally brought this up in #19.)

(I also haven't tested obs-fold that I remember. I don't think there's a way to force browsers to send headers like that, but receiving is a thing that probably ought to work and likely does.)

@reschke
Copy link
Contributor

reschke commented Mar 28, 2019

Expanding the set of allowed characters is a non-compatible change that might break existing components.

@reschke reschke self-assigned this Mar 28, 2019
@mnot mnot added the discuss label Jul 11, 2019
@mnot
Copy link
Member

mnot commented Jul 11, 2019

Yeah, I think this is out of scope for what we're trying to do here; we can't retroactively expand this and hope it'll work in all cases.

Flagging for discussion in Montreal.

@annevk
Copy link
Contributor Author

annevk commented Jul 11, 2019

I think you'll at least have to warn servers that clients are not as restrictive as they might otherwise assume? I guess arguably that's part of generally having a robust setup, but that it's standardized to be the case for browsers might warrant an additional notice?

@reschke
Copy link
Contributor

reschke commented Jul 25, 2019

Hmm. Wouldn't be the warning that some clients actually might be as restrictive as specified, so just targeting common browsers might lead to breakage with other clients?

@mnot
Copy link
Member

mnot commented Jul 25, 2019

Discussed in montreal; close with no action.

@annevk
Copy link
Contributor Author

annevk commented Aug 8, 2019

@reschke for responses yes, for requests, no.

@mnot mnot closed this as completed Aug 12, 2019
@zcorpan
Copy link

zcorpan commented Dec 18, 2019

If I understand correctly, this was closed because you don't want to start allowing characters that were previously not allowed. But this issue is also asking for the reverse, for 0x00. Was that discussed?

@reschke
Copy link
Contributor

reschke commented Dec 18, 2019

?

0x00 was not allowed at any point.

@zcorpan
Copy link

zcorpan commented Dec 18, 2019

Oh, OK. Sorry. I misunderstood @annevk's original comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

5 participants
@mnot @zcorpan @reschke @annevk and others