On 2012-01-15 21:53, Adam Barth wrote:
> On Sun, Jan 15, 2012 at 12:41 PM, Willy Tarreau <[email protected]> wrote:
>> On Sun, Jan 15, 2012 at 11:52:38AM -0800, Adam Barth wrote:
>>> The requirement in the spec is what we intend.  The rule applies only
>>> to that exact octet sequence.
>>
>> But then what are the impacts of not matching the correct content-type?
>
> I'm not sure I understand your question.  Can you explain a scenario
> in which something happens that causes someone to be sad with the
> current requirements?
>
> Adam

Translating Adam: matching only some specific header field instances is intentional, as these are the ones we know misconfigured servers send.

(right?)

It wouldn't hurt if the spec would explain that choice, if it doesn't right now.

Best regards, Julian
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
