wasi-http icon indicating copy to clipboard operation
wasi-http copied to clipboard
verified publisher icon WebAssembly

Header Validations

Open guybedford opened this issue 1 year ago • 2 comments

Some questions with regards to header validations:

  • Valid headers keys must not include whitespace
  • Valid header values must have whitespace trimmed

Possible clarifications that therefore might be made:

Keys

  • Could clarify that they are always valid according to eg https://searchfox.org/mozilla-central/rev/9f76a47f4aa935b49754c5608a1c8e72ee358c46/netwerk/protocol/http/nsHttp.cpp#172-215 (which includes disallowing whitespace)

Values

  • Could clarify that they are always trimmed by \t, , \r\ and \n
  • Could clarify that they contain no inner \0, \r or \n.

Without the above assumptions, returning values to the user risks returning invalid values from a get() or entries() call, making any fetch-based Headers implementation on top of these primitives non-standard.

guybedford avatar Jul 31 '24 16:07 guybedford

I've updated the description here to separately consider keys and values.

guybedford avatar Aug 02 '24 19:08 guybedford

Good point, I think we do need to tighten this up in the prose wording. I think the appropriate rule is that any field-key parameter (which we need to rename to field-name: #107) in wasi-http needs to be validated to match the field-name grammar in RFC 9110 (which ends up disallowing whitespace, to your point) and, similarly, any field-value parameter in wasi-http must match the field-value grammar in RFC 9110 (which ends up requiring the trimming), with a failure to match returning invalid-syntax.

lukewagner avatar Aug 12 '24 17:08 lukewagner