[Web-SIG] Servers ignoring application-supplied headers
Mark Nottingham
mnot at mnot.net
Fri Aug 27 02:29:25 CEST 2004
I assume that this part was written with CGI in mind. Not to say that
we shouldn't do better than CGI when possible...
On Aug 26, 2004, at 5:20 PM, Jim Dabell wrote:
>> In general, the server or gateway is responsible for ensuring that
>> correct
>> headers are sent to the client: if the application omits a needed
>> header,
>> the server or gateway *should* add it. For example, the HTTP
>> ``Date:`` and
>> ``Server:`` headers would normally be supplied by the server or
>> gateway. If
>> the application supplies a header that the server would ordinarily
>> supply,
>> or that contradicts the server's intended behavior (e.g. supplying a
>> different ``Connection:`` header), the server or gateway *may*
>> discard the
>> conflicting header, provided that its action is recorded for the
>> benefit of
>> the application author.
>
> Is this wise? It's not really the WSGI's job to nanny the application
> and
> make sure it does the right thing. I can see the case for supplying
> default
> values, but simply throwing away something it's specifically been
> asked to
> use seems rather shortsighted. WSGI authors aren't perfect, and it's
> far to
> easy to end up in a situation where application developers are stuck
> behind a
> clueless WSGI that insists on ignoring certain things because it
> thinks it's
> the right thing to do. It seems to me that if the application
> developers
> want to do something, WSGI shouldn't make it intentionally impossible
> for
> them to do.
>
> The worst that is likely to happen is the application developer tries
> something and it breaks, so he doesn't try it again, right?
--
Mark Nottingham http://www.mnot.net/
More information about the Web-SIG
mailing list