Stefan Tilkov · Jan 2, 2015 · 4:56 PM UTC

Stefan Tilkov · Jan 2, 2015 · 4:56 PM UTC

Stefan Tilkov @stilkov

2 Jan 2015

Wondering what a server’s reaction to non-ASCII characters in HTTP headers (names and values) should be. Reject with a 400 or pass through?

Jan 2, 2015 · 4:56 PM UTC

Arjen Poutsma · Jan 2, 2015 · 5:00 PM UTC

Arjen Poutsma @poutsma

2 Jan 2015

Replying to @stilkov

@stilkov headers are in ISO-8859-1; not ASCII.

Stefan Tilkov · Jan 2, 2015 · 5:07 PM UTC

Stefan Tilkov @stilkov

2 Jan 2015

@poutsma Are they? tools.ietf.org/html/rfc7230#… seems to indicate they’re supposed to be US-ASCII, only

Rolf 💎 · Jan 2, 2015 · 5:15 PM UTC

Rolf 💎 @rolfje

2 Jan 2015

Replying to @stilkov

@stilkov I'd say pass through. It's generally utf-8 encoded nowadays if I understand correctly.

devpg · Jan 2, 2015 · 8:52 PM UTC

devpg @devpg

2 Jan 2015

Replying to @stilkov

@stilkov Accept: 📄/plain … I think we need an update of #http

Mathias · Jan 2, 2015 · 7:14 PM UTC

Mathias @sirthias

2 Jan 2015

Replying to @stilkov

@stilkov I think the spec says that no particular encoding is to be assumed. Non-7-bit ASCII chars are to be treated as “opaque” octets.