On 5/2/06, Mark Nottingham <[EMAIL PROTECTED]> wrote:
On 2006/05/02, at 1:33 AM, Maciej Stachowiak wrote:
> Combining these lists, your list does not include Connection,
> Upgrade, Expect, Via, From, Max-Forwards or Proxy-Authorization.
> Are you convinced all those are safe? Do you think my specific
> justifications for Connection, Upgrade and Expect were wrong?

WRT Connection: Mark Baker made an argument that someone may design an extension that is hop-by-hop, and therefore needs to be added to Connection. Note that the proposal doesn't allow it to be overwritten; only appended to.
Right.
WRT Upgrade: I think you're right.
Ditto.
WRT Expect: I think you're right, but there should also be a section about E/C handling in send().
I could see it being useful, though I don't know if current implementations would handle Continue.
WRT From: I don't think any software actually uses this to inform behaviour; it's just a way to give a more persistent address for the user.
I don't see any problem with this in the single domain case.
WRT Max-Forwards: I'm ambivalent about this one. It could be useful in debugging proxies, etc. and it has pretty well-defined behaviour...
I think that unless there's a clear reason to disallow a header, that it should be allowed, so I'm happy to leave it off the list.
WRT Proxy-Authorization: Authorization is allowed to be overwritten, so it seems reasonable to allow Proxy-Auth too (although the use case would indeed be pretty esoteric; I suppose someone doing something inside the firewall might want to do something here...)
Right.

Mark.
