Header Validations

[guybedford]

Some questions with regards to header validations:

• Valid headers keys must not include whitespace
• Valid header values must have whitespace trimmed

Possible clarifications that therefore might be made:

Keys

• Could clarify that they are always valid according to eg https://searchfox.org/mozilla-central/rev/9f76a47f4aa935b49754c5608a1c8e72ee358c46/netwerk/protocol/http/nsHttp.cpp#172-215 (which includes disallowing whitespace)

Values

• Could clarify that they are always trimmed by \t, , \r\ and \n
• Could clarify that they contain no inner \0, \r or \n.

Without the above assumptions, returning values to the user risks returning invalid values from a get() or entries() call, making any fetch-based Headers implementation on top of these primitives non-standard.

[guybedford]

I've updated the description here to separately consider keys and values.

[lukewagner]

Good point, I think we do need to tighten this up in the prose wording. I think the appropriate rule is that any field-key parameter (which we need to rename to field-name: #107) in wasi-http needs to be validated to match the field-name grammar in RFC 9110 (which ends up disallowing whitespace, to your point) and, similarly, any field-value parameter in wasi-http must match the field-value grammar in RFC 9110 (which ends up requiring the trimming), with a failure to match returning invalid-syntax.