[Web-SIG] Servers ignoring application-supplied headers

Jim Dabell jim-web-sig at jimdabell.com
Fri Aug 27 02:20:30 CEST 2004

> In general, the server or gateway is responsible for ensuring that correct
> headers are sent to the client: if the application omits a needed header,
> the server or gateway *should* add it.  For example, the HTTP ``Date:`` and
> ``Server:`` headers would normally be supplied by the server or gateway.  If
> the application supplies a header that the server would ordinarily supply,
> or that contradicts the server's intended behavior (e.g. supplying a
> different ``Connection:`` header), the server or gateway *may* discard the
> conflicting header, provided that its action is recorded for the benefit of
> the application author.

Is this wise?  It's not really the WSGI's job to nanny the application and 
make sure it does the right thing.  I can see the case for supplying default 
values, but simply throwing away something it's specifically been asked to 
use seems rather shortsighted.  WSGI authors aren't perfect, and it's far to 
easy to end up in a situation where application developers are stuck behind a 
clueless WSGI that insists on ignoring certain things because it thinks it's 
the right thing to do.  It seems to me that if the application developers 
want to do something, WSGI shouldn't make it intentionally impossible for 
them to do.

The worst that is likely to happen is the application developer tries 
something and it breaks, so he doesn't try it again, right?

Jim Dabell

More information about the Web-SIG mailing list