On 11/01/2010 04:53 PM, Eric Williams wrote:
On 11/1/2010 4:43 PM, Brett Slatkin wrote:
X-Hub-Signature works well enough for payload-only messages, but what
about messages that have headers, like arbitrary content? I don't
think that running your own hub alleviates that problem, which is why
I'm looking for a general solution that all providers can employ. Does
that make sense?
What if the application/http mime-type was used as the content body?
Would allow the headers for the content and the headers for the PuSH
message to be fully seperated. I see some possible problems related to
difficulty of parsing, however...
Eric,
This is the solution that Brett alluded to in the subject line when he
refers to "turducken". This was discussed as a possible solution but
some folks at the table found nesting an HTTP message in the body of an
HTTP message to be distasteful/confusing.
I don't have any major objection to it on principle, but I can
sympathize with the viewpoint that it puts an unusual burden on
subscribers since many web application frameworks won't expose a
facility to parse an arbitrary string as an HTTP message and so
implementers would end up working around their framework to implement
such a thing, and that is likely to lead to bugs and security issues.
