field-value value space #215
Comments
Expanding the set of allowed characters is a non-compatible change that might break existing components.
Yeah, I think this is out of scope for what we're trying to do here; we can't retroactively expand this and hope it'll work in all cases. Flagging for discussion in Montreal.
I think you'll at least have to warn servers that clients are not as restrictive as they might otherwise assume? I guess arguably that's part of generally having a robust setup, but that it's standardized to be the case for browsers might warrant an additional notice?
Hmm. Wouldn't the warning be that some clients actually might be as restrictive as specified, so just targeting common browsers might lead to breakage with other clients?
Discussed in Montreal; close with no action.
@reschke for responses yes, for requests, no.
If I understand correctly, this was closed because you don't want to start allowing characters that were previously not allowed. But this issue is also asking for the reverse, for 0x00. Was that discussed?
? 0x00 was not allowed at any point.
Oh, OK. Sorry. I misunderstood @annevk's original comment.
I mostly know about browsers and didn't test other clients. When sending, browsers effectively allow all byte values, except 0x00, 0x0A, and 0x0D.
When receiving, 0x00 is also allowed, though Chrome started outlawing that recently and it seems like it might stick.
As far as I can tell field-value is quite a bit more restrictive. I wonder whether that should be reconsidered.
(I originally brought this up in #19.)
(I also haven't tested obs-fold that I remember. I don't think there's a way to force browsers to send headers like that, but receiving is a thing that probably ought to work and likely does.)
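
The gap described in the issue text, as an added example that is not part of the thread: a per-byte classifier a server could run on raw header values to see which ones only the browser send rule would accept. It assumes "field-value" means the RFC 7230 grammar (HTAB, SP, VCHAR, obs-text); the names `STRICT`, `BROWSER_SEND` and `classify` are hypothetical, and obs-fold and whitespace placement are not checked.

```python
# Added example, not from the thread. Byte sets:
#  - STRICT: bytes the RFC 7230 field-value grammar can contain
#    (HTAB, SP, VCHAR 0x21-0x7E, obs-text 0x80-0xFF); obs-fold is not handled.
#  - BROWSER_SEND: what the issue text says browsers allow when sending:
#    every byte value except 0x00, 0x0A and 0x0D.
STRICT = frozenset([0x09, 0x20]) | frozenset(range(0x21, 0x7F)) | frozenset(range(0x80, 0x100))
BROWSER_SEND = frozenset(range(0x100)) - {0x00, 0x0A, 0x0D}


def classify(value: bytes):
    """Return (verdict, offenders) for a raw header field value.

    verdict is one of:
      "strict"       - every byte is in the RFC 7230 field-value byte set
      "browser-only" - passes the browser send rule but is outside the grammar
      "rejected"     - contains 0x00, 0x0A or 0x0D
    offenders lists the (index, byte) pairs that caused the verdict.
    This is a per-byte check only; it does not enforce where SP/HTAB may appear.
    """
    hard = [(i, b) for i, b in enumerate(value) if b not in BROWSER_SEND]
    if hard:
        return "rejected", hard
    soft = [(i, b) for i, b in enumerate(value) if b not in STRICT]
    if soft:
        return "browser-only", soft
    return "strict", []


# Constructed sample values (not captured traffic).
SAMPLES = {
    "plain": b"text/html; charset=utf-8",
    "obs-text": "caf\u00e9".encode("latin-1"),
    "control": b"abc\x01def",
    "del": b"abc\x7fdef",
    "nul": b"abc\x00def",
    "lf": b"abc\ndef",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, where = classify(raw)
        print(f"{name:9} {verdict:13} {[(i, hex(b)) for i, b in where]}")
```

The "browser-only" verdicts cover the 29 byte values (C0 controls other than HTAB, LF, CR and NUL, plus DEL) that a component enforcing the grammar would refuse but a browser would send.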