On Wed, 13 Sep 2017 08:29:44 -0500
William A Rowe Jr <wr...@rowe-clan.net> wrote:
> So moving forwards, can we stop accepting stuff that isn't HTTP/1.1 in
> our HTTP/1.1 server? Do we really want people to configure their
> server to speak "other"?
Did you mean to say "stop accepting ..."?
> I'm starting to collect https://wiki.apache.org/httpd/Applications
> based on searching google for instances where users have toggled
> HttpProtocolOptions Unsafe, in response to specific application
Perhaps a useful exercise, but could take us in to a bad cycle
of application workarounds that long-outlive the application
> From this list, we might decide to allow non-HTTP/1.1 input in
> specific cases, and perhaps have multiple grades of protocol
> correctness, as I first proposed.
You mean something like Options or AllowOverride? Things that looked
like a good idea at the time but led to all sorts of issues as the
OK, perhaps that's unduly harsh: this will be less problematic to
maintain. Are you enumerating cases?