Re: JSON headers

Yanick Rochon <yanick.rochon@gmail.com> Tue, 12 July 2016 13:57 UTC


On 12 July 2016 at 00:10, Willy Tarreau <w@1wt.eu> wrote:

> On Mon, Jul 11, 2016 at 11:58:03PM -0400, Yanick Rochon wrote:
>
> But precisely my point is to declare that all JSON headers are lists (or
> arrays apparently in JSON). Thus you just send array *elements* and the
> recipient appends them to the array. So you don't have the object above,
> you just have { "Accept": [ "..." ] }. This removes the possibility of
> duplicate keys and keeps the ability to have multiple values for a header.
> And it also allows stopping at the first value when you expect to use only
> one value for a header that you don't intend to check for uniqueness.
>
>
As Carsten mentioned, the problem is not the possibilities as you describe,
as I think JSON would eliminate a few problems that arise with the actual
implementation, but the issue is that people will not honor it. Meaning
that JSON allows non-array values, so you cannot expect people to strictly
observe a rule (HTTP header having array values) and not another (JSON
values may be of other types). My question is more in the nature of "if a
sender sends duplicated keys in the header, and/or some of them are not
array values, what then?" As others have stated, the JSON spec is
undefined on this (i.e. overwriting previous ones, ignoring subsequent
duplicated keys, or rejecting the object with an error), and most
implementations end up overwriting as a convention. However this would lead
to problems where hijackers could simply insert their headers before the
closing curly brace, thus overriding any previous, original header.

You can't use an undefined behavior, make it a convention and expect people
to honor it; it has to be defined.
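
Added example, not part of the original message: the overwrite-by-convention behaviour discussed above, shown with Python's standard json module, next to a recipient that defines the outcome by rejecting duplicate keys and non-array values. The function names and the sample header objects are constructed for illustration and are not taken from any draft.

```python
import json


class HeaderPolicyError(ValueError):
    """A JSON header object broke the recipient's strict policy."""


def _reject_duplicates(pairs):
    # json passes every (key, value) member of an object here, in document
    # order, before duplicates are collapsed into a dict.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise HeaderPolicyError(f"duplicate header key: {key!r}")
        seen[key] = value
    return seen


def parse_headers_lenient(text):
    """Default behaviour: a later duplicate key silently replaces the earlier one."""
    return json.loads(text)


def parse_headers_strict(text):
    """Accept only an object with unique keys whose values are all arrays."""
    try:
        obj = json.loads(text, object_pairs_hook=_reject_duplicates)
    except json.JSONDecodeError as exc:
        raise HeaderPolicyError(f"not valid JSON: {exc}") from exc
    if not isinstance(obj, dict):
        raise HeaderPolicyError("top-level value must be an object")
    for name, value in obj.items():
        if not isinstance(value, list):
            raise HeaderPolicyError(f"header {name!r} is not an array")
    return obj


def violation(text):
    """Return the policy error message for text, or None if it is accepted."""
    try:
        parse_headers_strict(text)
    except HeaderPolicyError as exc:
        return str(exc)
    return None


# Constructed samples. TAMPERED has a second "Accept" member before the brace.
CLEAN = '{"Accept": ["text/html", "application/json"]}'
TAMPERED = '{"Accept": ["text/html"], "Host": ["example.org"], "Accept": ["*/*"]}'
NON_ARRAY = '{"Accept": "text/html"}'
```

With the lenient parser the second "Accept" in TAMPERED wins and the first is lost without any error; the strict parser turns both that case and the non-array case into an explicit rejection.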