[Web-SIG] Servers ignoring application-supplied headers

Mark Nottingham mnot at mnot.net
Fri Aug 27 02:29:25 CEST 2004

I assume that this part was written with CGI in mind. Not to say that 
we shouldn't do better than CGI when possible...

On Aug 26, 2004, at 5:20 PM, Jim Dabell wrote:

>> In general, the server or gateway is responsible for ensuring that 
>> correct
>> headers are sent to the client: if the application omits a needed 
>> header,
>> the server or gateway *should* add it.  For example, the HTTP 
>> ``Date:`` and
>> ``Server:`` headers would normally be supplied by the server or 
>> gateway.  If
>> the application supplies a header that the server would ordinarily 
>> supply,
>> or that contradicts the server's intended behavior (e.g. supplying a
>> different ``Connection:`` header), the server or gateway *may* 
>> discard the
>> conflicting header, provided that its action is recorded for the 
>> benefit of
>> the application author.
> Is this wise?  It's not really the WSGI's job to nanny the application 
> and
> make sure it does the right thing.  I can see the case for supplying 
> default
> values, but simply throwing away something it's specifically been 
> asked to
> use seems rather shortsighted.  WSGI authors aren't perfect, and it's 
> far to
> easy to end up in a situation where application developers are stuck 
> behind a
> clueless WSGI that insists on ignoring certain things because it 
> thinks it's
> the right thing to do.  It seems to me that if the application 
> developers
> want to do something, WSGI shouldn't make it intentionally impossible 
> for
> them to do.
> The worst that is likely to happen is the application developer tries
> something and it breaks, so he doesn't try it again, right?

Mark Nottingham     http://www.mnot.net/

More information about the Web-SIG mailing list