[Web-SIG] http headers (was: Defining a standard interface for common web tasks)

Greg Stein gstein at lyra.org
Mon Oct 27 00:30:27 EST 2003

On Sat, Oct 25, 2003 at 01:16:52PM +0100, John J Lee wrote:
> > i.e. concatenate with a comma. While it is allowed, there is *generally*
> > no reason for the API to enable writing separate headers, nor a reason to
> > expose same-named headers as separate (i.e. just concatenate them
> > internally).
> >
> > Note that I say "generally" because I've seen a client that could not deal
> > properly with a long header value. By separating the tokens in the header
> [...]
> Another thing that breaks this is the Cookie header: cookie values may
> contain commas (and they do!).  Of course, this may not be relevant here,
> since Python programmers aren't going to be so silly as to put commas in
> their cookie values :-)

Yup. Good point. The WWW-Authenticate header has ambiguity here, too,
although most of those issues have been sorted. With a bit of work, you
can usually tease apart the header into the various challenges the server
is offering up.


Greg Stein, http://www.lyra.org/

More information about the Web-SIG mailing list