Hi, all!
The two week discussion period regarding proposed errata on PSR-7 related to validation of header fields has completed. We had some feedback basically immediately, and that feedback was incorporated. For reference:
The tl;dr: PSR-7 implementations SHOULD strictly validate header names and contents according to the most recent HTTP specification ([RFC 7230#3.2][1] at the time of writing). The implementation SHOULD reject invalid values and SHOULD NOT make any attempt to automatically correct the provided values. The errata provides more specific details about this validation, but it's primarily around line wrapping of headers.The changes are suggested to ensure that implementations provide a minimum amount of security for end-users.
At this time, I am opening a VOTE for inclusion of this errata in PSR-7. The vote is open to CC members only, and requires a 50% quorum, and a 2/3 approval to pass. The vote will end 2 weeks from the time I send this.
--