As another data point, when we tried something similar for OpenSocial we found that PHP offered no facilities for parsing this sort of thing -- requiring new libraries to be rolled to do MIME parsing at least. This was a discouraging finding at the time (2008). I haven't heard that this situation has changed.
-- John Panzer / Google [email protected] / abstractioneer.org <http://www.abstractioneer.org/> / @jpanzer On Mon, Nov 29, 2010 at 9:10 AM, Martin Atkins <[email protected]>wrote: > On 11/01/2010 04:53 PM, Eric Williams wrote: > >> On 11/1/2010 4:43 PM, Brett Slatkin wrote: >> >>> X-Hub-Signature works well enough for payload-only messages, but what >>> about messages that have headers, like arbitrary content? I don't >>> think that running your own hub alleviates that problem, which is why >>> I'm looking for a general solution that all providers can employ. Does >>> that make sense? >>> >> >> What if the application/http mime-type was used as the content body? >> Would allow the headers for the content and the headers for the PuSH >> message to be fully seperated. I see some possible problems related to >> difficulty of parsing, however... >> > > Eric, > > This is the solution that Brett alluded to in the subject line when he > refers to "turducken". This was discussed as a possible solution but some > folks at the table found nesting an HTTP message in the body of an HTTP > message to be distasteful/confusing. > > I don't have any major objection to it on principle, but I can sympathize > with the viewpoint that it puts an unusual burden on subscribers since many > web application frameworks won't expose a facility to parse an arbitrary > string as an HTTP message and so implementers would end up working around > their framework to implement such a thing, and that is likely to lead to > bugs and security issues. > >
