RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 7230, "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", June 2014

Note: This RFC has been obsoleted by RFC 9110, RFC 9112

Note: This RFC has been updated by RFC 8615

Source of RFC: httpbis (wit)

Errata ID: 5623
Status: Rejected
Type: Editorial
Publication Format(s) : TEXT

Reported By: Armin Abfalterer
Date Reported: 2019-02-05
Rejected by: Alexey Melnikov
Date Rejected: 2019-04-15

Section 2.7 says:

absolute-URI  = <absolute-URI, see [RFC3986], Section 4.3>


RFC3986 defines "absolute-URI" very openly, especially regarding to "hier-part":

absolute-URI = scheme ":" hier-part [ "?" query ]

hier-part = "//" authority path-abempty
/ path-absolute
/ path-rootless
/ path-empty

The impact is reflected in RFC 7231 in the definition of the header fields Referer and Content-Location.

absolute-URI = <absolute-URI, see [RFC7230], Section 2.7>

Thus, following examples of header values are considered valid

Referer: https:foo/bar
Referer: https:/foo
Referer: https:/
Referer: foo:/

I'd suggest to define "hier-part" (but also "scheme") more strictly.
As per WG discussion: <https://lists.w3.org/Archives/Public/ietf-http-wg/2019JanMar/0130.html>

Report New Errata

Advanced Search