In reference to this answer:

https://stackoverflow.com/a/20309097/99717

My understanding is that transmitting HTTP 1.1 message bodies is 8-bit clean: we can send any octets, and there's nothing about one octet versus another that makes it more or less likely to be transmitted correctly. We don't need to, e.g., Base64 encode our message bodies before we send them.

I have assumed that headers (and the request line and status line) are the same. Headers are historically spec'd as ISO-8859-1, and the spec now recommends US-ASCII (see the last paragraph of that section), but that's not because headers are somehow not 8-bit clean (ISO-8859-1 is an 8-bit encoding); it's because it makes sense, for other reasons, to spec them that way. So, if we're going to put bytes outside ASCII into our headers, we Base64 encode them first because it's easy to add ASCII to ASCII, whereas doing anything else would be (way) more complicated.
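For example, here's a minimal sketch of what I mean (Python; the "X-User-Note" header name is made up purely for illustration):

```python
import base64
import urllib.request

raw_value = "café ümlaut"  # contains bytes outside US-ASCII once UTF-8 encoded

# Base64 the UTF-8 bytes so the header value is plain ASCII.
encoded = base64.b64encode(raw_value.encode("utf-8")).decode("ascii")

req = urllib.request.Request("https://example.com/")
req.add_header("X-User-Note", encoded)  # hypothetical header; request is never actually sent here

# The receiver reverses it:
decoded = base64.b64decode(encoded).decode("utf-8")
assert decoded == raw_value
```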

Am I missing something here?

(edit: the spec does not allow "any" octets in HTTP headers -- it limits valid octets)

Hawkeye Parker
  • Note that Base64 encoding uses '=', which is often significant/a metacharacter in headers, e.g. the Cookie header. So you need to be careful as to which header you are putting your Base64 string into. – Craig S. Anderson Nov 14 '14 at 17:56
  • @CraigAnderson thanks. Worth also noting here that there is a special variant of Base64 for encoding URL data, one that replaces '+' and '/' with legal chars. – Hawkeye Parker Nov 14 '14 at 23:44
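A minimal sketch of both points from the comments above (Python; the example bytes are arbitrary, chosen only so the standard alphabet emits '+' and '/'):

```python
import base64

data = b"\xfb\xff\xbf"  # arbitrary bytes whose Base64 output contains '+' and '/'

print(base64.b64encode(data))          # b'+/+/'  -- '+' and '/' can clash with URL/cookie syntax
print(base64.urlsafe_b64encode(data))  # b'-_-_'  -- the URL-safe variant uses '-' and '_' instead

# '=' padding appears in both variants; strip it if the consumer
# (e.g. a cookie value) treats '=' as a delimiter, and re-add it
# (or use a lenient decoder) when decoding.
padded = base64.urlsafe_b64encode(b"\xfb\xff")  # b'-_8='
print(padded.rstrip(b"="))                      # b'-_8'
```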

1 Answer


1) Note that the text you cited starts with "Historically".

2) No, header field values cannot carry "anything"; they are restricted to non-control characters, and whitespace may get converted.
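As a rough illustration of that restriction (Python; a simplified check, not a complete implementation of the field-value grammar):

```python
# Simplified sketch of the field-value restriction: visible US-ASCII
# characters plus SP and HTAB; octets 0x80-0xFF ("obs-text") are only
# grandfathered in, and control characters are not allowed at all.
def is_safe_field_value(value: bytes, allow_obs_text: bool = False) -> bool:
    for b in value:
        if b in (0x09, 0x20):              # HTAB and SP
            continue
        if 0x21 <= b <= 0x7E:              # visible ASCII (VCHAR)
            continue
        if allow_obs_text and 0x80 <= b <= 0xFF:
            continue                       # obs-text: allowed historically, discouraged now
        return False                       # control characters, DEL, etc.
    return True

print(is_safe_field_value(b"application/json"))     # True
print(is_safe_field_value("café".encode("utf-8")))  # False: 0xC3/0xA9 fall in obs-text
print(is_safe_field_value(b"bad\r\nvalue"))         # False: CR/LF are control characters
```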

Julian Reschke
  • Thank you for clarifying -- it makes sense. Base64 encoding ensures that the bytes are within this spec (e.g., not control characters). But that's nothing to do with "8-bit clean". There is nothing in the spec that intentionally limits the start line and headers to 7-bit values, correct? Sorry, I think this is a very obvious issue; I just want to be 100% certain. – Hawkeye Parker Nov 14 '14 at 23:24
  • Updated question to include your corrections/clarifications. – Hawkeye Parker Nov 14 '14 at 23:53