On 2011-12-30 09:46, Adam Barth wrote:
On Fri, Dec 30, 2011 at 12:18 AM, Julian Reschke<[email protected]> wrote:
On 2011-12-29 22:45, Adam Barth wrote:
Chrome does not (and will not) implement quoted-string for the STS
header for the reasons I've explained previously. You're welcome to
file bugs, but I'm just going to close them WONTFIX.
So your code intentionally is non-compliant with STS.
I note that you are both a WG member and also listed as one of the authors
of the spec. Don't you think that this puts you into a strange position?
Not really. IMHO, we should just change the spec.
If you believe that support for quoted-string in extension directives is
the wrong thing to do, please go ahead and lobby for a change.
I happen to agree that parsing should be consistent for all directives,
but my preference is to keep quoted-string, both for what you gain (the
ability to express certain values that otherwise you can't without
introducing yet another new way to encode them), and consistency with
other header fields.
Best regards, Julian
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
