On 13/01/15 06:09, Nils Dagsson Moskopp wrote: > Repeated header lines in HTTP are only allowed if they can be combined > as a legitimate comma-separated list value. See RFC 7320, Section 3.2.2: > >> A sender MUST NOT generate multiple header fields with the same field >> name in a message unless either the entire field value for that >> header field is defined as a comma-separated list [i.e., #(values)] >> or the header field is a well-known exception (as noted below). > > <https://tools.ietf.org/html/rfc7230#section-3.2.2>
This isn't sufficient because it doesn't say how a parser should interpret noncompliant repeated header fields; only that a sender must not generate them. -- Daira Hopwood ⚥
signature.asc
Description: OpenPGP digital signature
_______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
