chicken-janitors
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-janitors] #1074: intarweb request parsing and Spiffy handli

From: Chicken Trac
Subject: Re: [Chicken-janitors] #1074: intarweb request parsing and Spiffy handling of said requests is inconsistent in case of improper request line URIs
Date: Sun, 24 Nov 2013 10:31:35 -0000 
#1074: intarweb request parsing and  Spiffy handling of said requests is
inconsistent in case of improper request line URIs
----------------------+-----------------------------------------------------
  Reporter:  RvdH     |       Owner:  sjamaan               
      Type:  defect   |      Status:  new                   
  Priority:  major    |   Milestone:  someday               
 Component:  unknown  |     Version:  4.8.x                 
Resolution:           |    Keywords:  bad-request connection
----------------------+-----------------------------------------------------

Comment(by sjamaan):

 > On balance, I think we should do the safest thing, rather than the most
 elegant or most useful thing.

 This.

 By returning a HTTP response to some application that does not speak HTTP,
 you might be sending it off the deep end.  The current case is just an
 edge case of trying to speak HTTP but failing.

 It's funny: the security rule is the opposite of the IETF rule's (Postel's
 law): be conservative in what you accept, for the other party may be
 trying to trick you. Anyway, the browser is severely misbehaving here,
 which shouldn't happen in the first place.  So, anything we decide to do
 is acceptable.  The browser needs to be fixed not to send such bad
 requests.

-- 
Ticket URL: <http://bugs.call-cc.org/ticket/1074#comment:9>
Chicken Scheme <http://www.call-with-current-continuation.org/>
Chicken Scheme is a compiler for the Scheme programming language.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]