From cc189abd41ec0dccb09c50462e79facb7d1c2330 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Tue, 25 Jan 2022 16:52:56 +0100 Subject: [PATCH] XEP-0363: Incorporate Council feedback The wording about allowed headers was deemed unclear, so it was clarified that only allowed headers should be forwarded. In addition, there were concerns about implementation support for preserving the relative order of different headers. Considering that that's unlikely to be a use-case, the wording was changed to not require that, but only preserving the order of values for the same header. --- xep-0363.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xep-0363.xml b/xep-0363.xml index bd9e3589..8f2ab97a 100644 --- a/xep-0363.xml +++ b/xep-0363.xml @@ -262,7 +262,7 @@ content-type='image/jpeg' /> ]]>

The upload service responds with both a PUT and a GET URL wrapped by a <slot> element. The service SHOULD keep the file name and especially the file ending intact. Using the same hostname for PUT and GET is OPTIONAL. The host MUST provide Transport Layer Security (&rfc5246;). Both HTTPS URLs MUST adhere to &rfc3986;. Non ASCII characters MUST be percent-encoded.

-

The <put> element MAY also contain a number of <header> elements which correspond to HTTP header fields. Each <header> element MUST have a name-attribute and a content with the value of the header. Only the following header names are allowed: Authorization, Cookie, Expires. These headers MUST be included in the HTTP PUT request. Other header names MUST be ignored by the requesting entity and MUST NOT be included in the HTTP request. The requesting entity MUST strip any newline characters from the header name and value before performing the HTTP request, but MUST keep the same order of headers in the request. Each header name MAY be present zero or more times, and are case insensitive (eXpires is the same as Expires).

+

The <put> element MAY also contain a number of <header> elements which correspond to HTTP header fields. Each <header> element MUST have a name-attribute and a content with the value of the header. Only the following header names are allowed: Authorization, Cookie, Expires. The allowed headers provided in the response MUST be included in the HTTP PUT request. Other header names MUST be ignored by the requesting entity and MUST NOT be included in the HTTP request. The requesting entity MUST strip any newline characters from the header name and value before performing the HTTP request, but MUST preserve the relative order of multiple values for the same header in the request. Each header name MAY be present zero or more times, and are case insensitive (eXpires is the same as Expires).
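Review bot: In the added paragraph, "MUST preserve the relative order of multiple values for the same header" leaves two things implicit. First, "the same header" has to be matched case-insensitively, but the case-insensitivity rule only appears in the sentence after it. Second, the commit message says the order between different header names no longer has to be kept, yet the new text never states that. Suggest saying both explicitly, for example by adding "The relative order of different headers need not be preserved", so implementers do not have to infer it from the commit log. Also in this paragraph, "strip any newline characters" would be clearer if it named both CR and LF, since the requirement exists to keep a service-supplied Authorization, Cookie or Expires value from breaking out of its header line in the PUT request. The unchanged closing sentence, "Each header name MAY be present zero or more times, and are case insensitive", has a number mismatch ("name ... are") that could be fixed while this paragraph is being touched.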