Hi, all! The two week discussion period regarding proposed errata on PSR-7 related to validation of header fields has completed. We had some feedback basically immediately, and that feedback was incorporated. For reference:
- https://github.com/php-fig/fig-standards/pull/1274 The tl;dr: PSR-7 implementations SHOULD strictly validate header names and contents according to the most recent HTTP specification ([RFC 7230#3.2][1] at the time of writing). The implementation SHOULD reject invalid values and SHOULD NOT make any attempt to automatically correct the provided values. The errata provides more specific details about this validation, but it's primarily around line wrapping of headers.The changes are suggested to ensure that implementations provide a minimum amount of security for end-users. At this time, I am opening a VOTE for inclusion of this errata in PSR-7. The vote is open to CC members only, and requires a 50% quorum, and a 2/3 approval to pass. The vote will end 2 weeks from the time I send this. -- Matthew Weier O'Phinney [email protected] https://mwop.net/ he/him -- You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CAJp_myVoiiH2qd_HwTxT5UgSeGqNVqmsQ4sDur1Km%2BYuqccigQ%40mail.gmail.com.
