[VOTE][PSR-7] Header validation errata

61 views
Skip to first unread message

Matthew Weier O'Phinney

unread,
Apr 20, 2022, 10:28:05 AM4/20/22
to php...@googlegroups.com
Hi, all!

The two week discussion period regarding proposed errata on PSR-7 related to validation of header fields has completed. We had some feedback basically immediately, and that feedback was incorporated. For reference:


The tl;dr: PSR-7 implementations SHOULD strictly validate header names and contents according to the most recent HTTP specification ([RFC 7230#3.2][1] at the time of writing). The implementation SHOULD reject invalid values and SHOULD NOT make any attempt to automatically correct the provided values. The errata provides more specific details about this validation, but it's primarily around line wrapping of headers.The changes are suggested to ensure that implementations provide a minimum amount of security for end-users.

At this time, I am opening a VOTE for inclusion of this errata in PSR-7. The vote is open to CC members only, and requires a 50% quorum, and a 2/3 approval to pass. The vote will end 2 weeks from the time I send this.

--
he/him

Matthew Weier O'Phinney

unread,
Apr 20, 2022, 10:28:23 AM4/20/22
to php...@googlegroups.com
Obviously, +1 from me.

Woody Gilk

unread,
Apr 20, 2022, 10:31:39 AM4/20/22
to PHP Framework Interoperability Group

--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CAJp_myXq%3D%2B2hC%2BPQ95zQ9_c7rR%2By5FLT6kgxTVOW%3D%3D-E44vFqQ%40mail.gmail.com.

Chuck Burgess

unread,
Apr 20, 2022, 10:49:07 AM4/20/22
to php...@googlegroups.com
+1

--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+u...@googlegroups.com.

Chris Tankersley

unread,
Apr 20, 2022, 10:50:41 AM4/20/22
to php...@googlegroups.com

Michelle Sanver

unread,
Apr 20, 2022, 10:51:53 AM4/20/22
to php...@googlegroups.com

Larry Garfield

unread,
Apr 20, 2022, 1:35:36 PM4/20/22
to PHP-FIG
+1

--
Larry Garfield
la...@garfieldtech.com
> --
> You received this message because you are subscribed to the Google
> Groups "PHP Framework Interoperability Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to php-fig+u...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/php-fig/CAJp_myVoiiH2qd_HwTxT5UgSeGqNVqmsQ4sDur1Km%2BYuqccigQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/php-fig/CAJp_myVoiiH2qd_HwTxT5UgSeGqNVqmsQ4sDur1Km%2BYuqccigQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.

Korvin Szanto

unread,
Apr 23, 2022, 1:50:07 PM4/23/22
to php...@googlegroups.com

Ken Guest

unread,
Apr 28, 2022, 10:36:22 AM4/28/22
to php...@googlegroups.com

Ben Edmunds

unread,
May 3, 2022, 9:55:54 AM5/3/22
to PHP Framework Interoperability Group
+1

Alessandro Chitolina

unread,
May 3, 2022, 11:47:19 AM5/3/22
to PHP Framework Interoperability Group
+1

Alessandro

Cees-Jan Kiewiet

unread,
May 3, 2022, 3:13:12 PM5/3/22
to php...@googlegroups.com

Alessandro Lai

unread,
May 4, 2022, 10:38:43 AM5/4/22
to PHP Framework Interoperability Group
Voting is closed.
Quorum is reached with 11 votes, all in favor.
The errata is approved.
Reply all
Reply to author
Forward
0 new messages