On 2012-01-16 09:24, Julian Reschke wrote:
> On 2012-01-16 03:50, =JeffH wrote:
>> ...
>> though, I remain curious as to why the STS parsing in Firefox & Chrome
>> is apparently each a one-off and doesn't use the more generic HTTP
>> header-field parsing routines that are available and which appear to
>> handle quoted-string, arbitrary header field parameter ordering, etc.
>> ...
>
> Well. One reason for that is that STS is indeed different from other
> header fields (for instance, things like Content-Type, Expect, or
> Cache-Control).
>
> To enable UAs to re-use code, you need to specify the header field so
> that code can indeed be re-used.
> ...

Expanding on that...

If STS used commas as delimiter (so use the list style), it could be
compatible with Expect
(<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-latest.html#header.expect>)
and Prefer (<https://tools.ietf.org/html/draft-snell-http-prefer>), and
would be similar to Cache-Control (minus legacy quirks).

But it uses semicolon, which makes it more similar to things like
Content-Type, Content-Disposition and Link (RFC 5988). These header
fields however describe a single item plus parameters, not multiple items.

Best regards, Julian
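
As an added illustration of the point in this message (not code from the thread, Firefox, or Chrome): a small generic parser for semicolon-delimited directives that accepts quoted-string values and any directive order, next to a comma list splitter that sees the same STS value as a single item. The function names and the choice to treat a repeated directive as malformed are assumptions of this sketch.

```python
import re

# HTTP "token" and "quoted-string" building blocks.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# Empty segment, or: name [ "=" token / quoted-string ]; each ends at ";" or end of input.
EMPTY = re.compile(r"[ \t]*(?P<end>;|\Z)")
DIRECTIVE = re.compile(
    rf"[ \t]*({TOKEN})[ \t]*(?:=[ \t]*({TOKEN}|{QUOTED}))?[ \t]*(?P<end>;|\Z)")
# One comma-separated list item; a quoted-string may itself contain commas.
LIST_ITEM = re.compile(rf"(?:{QUOTED}|[^\",])+")


def parse_directives(value):
    """Semicolon-delimited directives -> {lowercased name: value or None}; None if malformed."""
    out, pos = {}, 0
    while True:
        m = EMPTY.match(value, pos)
        if m is None:
            m = DIRECTIVE.match(value, pos)
            if m is None:
                return None              # e.g. a comma where ";" was expected
            name, raw = m.group(1).lower(), m.group(2)
            if name in out:              # assumption: a repeated directive is malformed
                return None
            if raw is not None and raw.startswith('"'):
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])   # strip quotes, undo escapes
            out[name] = raw
        if m.group("end") == "":         # reached end of the field value
            return out
        pos = m.end()


def parse_sts(value):
    """STS policy from a field value, or None if malformed or max-age is missing/non-numeric."""
    d = parse_directives(value)
    if d is None or not re.fullmatch(r"[0-9]+", d.get("max-age") or ""):
        return None
    return {"max_age": int(d["max-age"]), "include_subdomains": "includesubdomains" in d}


def split_list(value):
    """Split a list-style (comma-delimited) field value, e.g. Expect or Cache-Control."""
    return [item.strip() for item in LIST_ITEM.findall(value) if item.strip()]
```

A one-off parser that only recognises `max-age=N; includeSubDomains` in that order and without quotes would reject the second test value below, which silently leaves the site without an STS policy in that UA.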