So moving forwards, can we stop accepting stuff that isn't HTTP/1.1 in
our HTTP/1.1 server? Do we really want people to configure their
server to speak "other"?

I'm starting to collect
based on searching google for instances where users have toggled
HttpProtocolOptions Unsafe, in response to specific application

>From this list, we might decide to allow non-HTTP/1.1 input in
specific cases, and perhaps have multiple grades of protocol
correctness, as I first proposed. A trailing space, after the protocol
designation in the request line is one example of a rather
unambiguously safe incompatibility.

Reply via email to