lua-users home
lua-l archive


Diego Nehab wrote:
> I am sure there is lots of broken software out there. But
> we have to draw the line somewhere. This is not some obscure
> detail.  Failing to notice that header field names are case
> insensitive is a pretty serious bug.

Certainly, it is. OTOH it's not a bug that's likely to get fixed, because the
number of people using LuaSocket is very, very small compared to the number of
broken web servers out there (some of which may not be fixable due to having
the server in ROM). It's one of those situations where you're technically in
the right but practically in the wrong. The servers are broken; but submitting
bug reports isn't going to make your software work any faster.

> There is no "RFC" standard for how to capitalize these
> things, because they are supposed to be case insensitive.
> Which one is correct, Content-type or Content-Type?  ETag or
> Etag? TE or Te? Content-MD5 or Content-Md5?

Content-Type. ETag. Content-MD5. The RFC is, in fact, extremely careful to use
the canonical representation of the header names at all times. (In a couple of
cases you see a phrase like "content-type" --- but further investigation
reveals that the lower case version is actually referring to the *field*, not
the header.)

The obvious thing to do in this case is to leave LuaSocket as is, doing
everything in lower case; but just before sending, look up the header names to
map them to their canonical forms:

-- lower-case name used internally -> canonical name to send on the wire
canonical_header_table = {
	["content-type"] = "Content-Type",
	["etag"] = "ETag",
	["content-md5"] = "Content-MD5"
}

This also has the advantage that it should be very easy to do.

Incidentally, for reference, here's the HTTP/1.1 RFC:

I direct the discerning reader to the last sentence of the first paragraph of
section 4.2 (which is the relevant one to the conversation)...

--
┌── ─── ───────────────────
│ "There does not now, nor will there ever, exist a programming language in
│ which it is the least bit hard to write bad programs." --- Flon's Axiom
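
Added example, not part of the original message and not LuaSocket code: the approach described in the message above (lower case internally, canonical names only on the wire). It goes beyond the message by adding a fallback capitalisation for names missing from the table and a case-insensitive receive side. All function names and the sample headers are made up for illustration.

```lua
-- Names whose canonical form is not plain Word-Word capitalisation.
local canonical_exceptions = {
	["etag"] = "ETag",
	["content-md5"] = "Content-MD5",
	["te"] = "TE",
	["www-authenticate"] = "WWW-Authenticate",
}

-- Map a header name in any case to the form to put on the wire.
local function canonical_name(name)
	local lower = string.lower(name)
	local known = canonical_exceptions[lower]
	if known then return known end
	-- Fallback (assumption of this example): capitalise the first character
	-- of each hyphen-separated token, "content-type" -> "Content-Type".
	return (string.gsub(lower, "[^%-]+", function(token)
		return string.upper(string.sub(token, 1, 1)) .. string.sub(token, 2)
	end))
end

-- Send side: keys stay lower case internally, canonicalised only on output.
local function serialize_headers(headers)
	local names = {}
	for name in pairs(headers) do names[#names + 1] = name end
	table.sort(names) -- deterministic order for the example
	local lines = {}
	for _, name in ipairs(names) do
		lines[#lines + 1] = canonical_name(name) .. ": " .. headers[name]
	end
	return table.concat(lines, "\r\n") .. "\r\n"
end

-- Receive side: fold whatever case the peer used before storing the field.
local function parse_header_line(line, into)
	local name, value = string.match(line, "^([^:%s]+):%s*(.-)%s*$")
	if name then into[string.lower(name)] = value end
	return into
end

-- Constructed sample data, not taken from any real server.
local sent = serialize_headers({
	["content-type"] = "text/plain", ["etag"] = '"abc"', ["x-request-id"] = "42",
})
assert(sent == 'Content-Type: text/plain\r\nETag: "abc"\r\nX-Request-Id: 42\r\n')

local received = {}
parse_header_line("CONTENT-TYPE: text/html", received)
parse_header_line('Etag: "abc"', received)
assert(received["content-type"] == "text/html" and received["etag"] == '"abc"')
```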