Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:111215 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 27637 invoked from network); 28 Jul 2020 11:20:00 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 28 Jul 2020 11:20:00 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id B08D41804E6 for ; Tue, 28 Jul 2020 03:15:54 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from v-smtpout3.han.skanova.net (v-smtpout3.han.skanova.net [81.236.60.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 28 Jul 2020 03:15:53 -0700 (PDT) Received: from [192.168.7.8] ([213.64.245.126]) by cmsmtp with ESMTPA id 0MeFkpOWwxDlh0MeFkZg3D; Tue, 28 Jul 2020 12:15:52 +0200 To: Rowan Tommins References: <9d28ade6-1a70-9850-3bc0-64050c0dcbe4@gmail.com> Cc: PHP Internals Message-ID: <0de0210b-ae9e-d0ce-05a0-56e858bde204@telia.com> Date: Tue, 28 Jul 2020 12:15:50 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB X-CMAE-Envelope: MS4wfN50CG4z54WGSXg9kqwlkCZ5GKK+UXQwCr1fbJPX9Ir141sVl7f4MHYC/2O9yoP9iikOdB8UWXjeM896zFwxwDjcOq4BSUuwBnVhlO5DuyKY4vd/0oMX j782g+lm2arskNFGQhCnUFbRmEyV+x3e18ot242bulOC6CEM0KPJaPSG2Nz7pIgPiVADLHhSkS/tX/X/3eTE7W7KNZS8IEiL4VO+4QqSWsUNdQ4UtmYr+WG0 Subject: Re: [PHP-DEV] Re: HTTP/1.1 by default in PHP 8.0 From: bjorn.x.larsson@telia.com (=?UTF-8?Q?Bj=c3=b6rn_Larsson?=) Hi Rowan, Den 2020-07-28 kl. 10:52, skrev Rowan Tommins: > Hi Sara, > > On Tue, 28 Jul 2020 at 00:24, Sara Golemon wrote: > >> Given that it's a very small change, the RFC is probably not necessary, in >> which case it's not too late, however I'd like some clarification about >> what this actually offers over defaulting to 1.0. >> > > That's a very reasonable question. The way I see it is this: > > The risk of advertising 1.0 by default is that some software will have been > programmed to outright refuse that protocol version. I don't know of any > recent examples, but this bug report from 2007 was for a SOAP endpoint that > returned 505 Version Not Supported: https://bugs.php.net/bug.php?id=43069 > Notably, Dmitry's patch for that bug made sure the protocol context option > is honoured by ext/soap, but also specifically defaulted it to HTTP/1.1 as > of PHP 5.3. > > The risk of advertising 1.1 by default is that some software will respond > with a more complex response, and trigger some bug in our response parsing. > This was previously the case with detecting "Transfer-Encoding: chunked" > headers, for instance. By advertising 1.0, we may be benefitting from > servers "downgrading" their response. > > In practice, a large amount of software appears to do neither, and simply > replies with an HTTP/1.1 response to a HTTP/1.0 request. This is why I talk > about "advertising" versions - in practice, the code is always acting as an > HTTP/1.1 client, e.g. sending "Connection: Close", and listening for > Transfer-Encoding, because it's increasingly rare for a server to actually > honour the 1.0 spec. > > My main motivation for the change is that if someone was writing the > feature today, I don't think it would occur to them to default to 1.0, and > I think _new_ users would be less surprised at needing to opt into 1.0 than > into 1.1. > > Regards, I think there is also a consistency argument to make here. If the code behaves like HTTP 1.1, I think it also should advertise it as such. So go for it! Regards //Björn L