Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:111213 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 14185 invoked from network); 28 Jul 2020 09:56:33 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 28 Jul 2020 09:56:33 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 7E3461804D0 for ; Tue, 28 Jul 2020 01:52:26 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-il1-f180.google.com (mail-il1-f180.google.com [209.85.166.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 28 Jul 2020 01:52:25 -0700 (PDT) Received: by mail-il1-f180.google.com with SMTP id g6so579202ilc.7 for ; Tue, 28 Jul 2020 01:52:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=v+qmJjzZMEeKZKPs4xlzP9KSw3GWlaQdVdMCy3iAcGw=; b=Dqrql+eA+ytQ0IyZLwq+R6DX5hWMlOd1Y1XWeXkjYrQqGfCrlqPN1epBjM+ENgGncd IhS8NgMUAhlROLLXKM9/clodsOAO6L4ATUqfDncPSSfugJGklOyixSUT8qu2rWb6dIE+ XKS9yJulk9AOcvZl+fg0zW6t9t+GZ3UUDKLFYcjqtFE/QRdY4b5fSM/J05FL3az8QDMN EC4ldqLL4v4BEkC5/NCbnF/mgbJ4HvtDE+svDwr+BfTlpyRX19cdeWAHWk2mpyIqI+FH 2kNno/jC7U1D4rqyHDlPuoLhU0Hvorq0rMVDrHEbWEf019dKnKsFeNaSfQ/Kcu45UbMm odDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=v+qmJjzZMEeKZKPs4xlzP9KSw3GWlaQdVdMCy3iAcGw=; b=A7IHZXCBJrFWxZ+3rq7HXa2MAAWxbgJ2GmYKblzdggVnBGXU2e0I1jsPlz6z3hziqI 0/70dZra9eIKodWrDz2MphloyfUeCS1pnIkytowxAg7yjK1mxYfT4RiFwTS3m//I+mJI 9zcS6X6aRyQx6Tc+YZTNyiZRmMVkZD82bKPMFzEUjaa5KUbg66J5Th9HjEXOHd3uQ9eh g3n3VEAZHykOOHJWwpwKeRHNkqAg8FK6AzQ7pUftmLIwSjfXJo5INqcMhnpPJB6/nkST EAMMFParJ1YGj/9bB5xPb/jC+f3svxVW+qfpusrUJFNQHONyyvxUWHUz6apBFCiUAq6H ht5w== X-Gm-Message-State: AOAM530j8/G5VJjoEfVK+3JSUmt7y27lpoW3Hl2B1ZlQyDDeYlHEk7tU /aNDgWuB4kR6hp1TKjH4g/Wc5c/sMAJMa35gpW3259h0 X-Google-Smtp-Source: ABdhPJw/TNW/q/ih5U+BYyG0q7zOvveOY78H8T3bNOvOqjR6sz0y0nNIUk27SJd7s8NZytA92tXqiwMpA31j38+q6mM= X-Received: by 2002:a92:9402:: with SMTP id c2mr26220836ili.267.1595926344919; Tue, 28 Jul 2020 01:52:24 -0700 (PDT) MIME-Version: 1.0 References: <9d28ade6-1a70-9850-3bc0-64050c0dcbe4@gmail.com> In-Reply-To: Date: Tue, 28 Jul 2020 09:52:12 +0100 Message-ID: To: PHP Internals Content-Type: multipart/alternative; boundary="000000000000e06d3b05ab7c8e57" Subject: Re: [PHP-DEV] Re: HTTP/1.1 by default in PHP 8.0 From: rowan.collins@gmail.com (Rowan Tommins) --000000000000e06d3b05ab7c8e57 Content-Type: text/plain; charset="UTF-8" Hi Sara, On Tue, 28 Jul 2020 at 00:24, Sara Golemon wrote: > > Given that it's a very small change, the RFC is probably not necessary, in > which case it's not too late, however I'd like some clarification about > what this actually offers over defaulting to 1.0. > That's a very reasonable question. The way I see it is this: The risk of advertising 1.0 by default is that some software will have been programmed to outright refuse that protocol version. I don't know of any recent examples, but this bug report from 2007 was for a SOAP endpoint that returned 505 Version Not Supported: https://bugs.php.net/bug.php?id=43069 Notably, Dmitry's patch for that bug made sure the protocol context option is honoured by ext/soap, but also specifically defaulted it to HTTP/1.1 as of PHP 5.3. The risk of advertising 1.1 by default is that some software will respond with a more complex response, and trigger some bug in our response parsing. This was previously the case with detecting "Transfer-Encoding: chunked" headers, for instance. By advertising 1.0, we may be benefitting from servers "downgrading" their response. In practice, a large amount of software appears to do neither, and simply replies with an HTTP/1.1 response to a HTTP/1.0 request. This is why I talk about "advertising" versions - in practice, the code is always acting as an HTTP/1.1 client, e.g. sending "Connection: Close", and listening for Transfer-Encoding, because it's increasingly rare for a server to actually honour the 1.0 spec. My main motivation for the change is that if someone was writing the feature today, I don't think it would occur to them to default to 1.0, and I think _new_ users would be less surprised at needing to opt into 1.0 than into 1.1. Regards, -- Rowan Tommins [IMSoP] --000000000000e06d3b05ab7c8e57--