The HTTP specs are quite clear.

This commit is contained in:
Cory Benfield 2016-03-10 09:43:05 +00:00
parent a2d64f9335
commit c4b1798020

View File

@ -413,11 +413,17 @@ main response, and you should check for ``http_version = 2`` before sending
them; if a protocol server or connection incapable of Server Push receives them; if a protocol server or connection incapable of Server Push receives
these, it should simply drop them. these, it should simply drop them.
The HTTP specs are somewhat vague on the subject of multiple headers; Multiple header fields with the same name are complex in HTTP. RFC 7230
RFC7230 explicitly says they must be merge-able with commas, while RFC6265 states that for any header field that can appear multiple times, it is exactly
says that ``Set-Cookie`` headers cannot be combined this way. This is why equivalent to sending that header field only once with all the values joined by
request ``headers`` is a ``dict``, and response ``headers`` is a list of commas.
tuples, which matches WSGI.
However, RFC 7230 and RFC 6265 make it clear that this rule does not apply to
the various headers used by HTTP cookies (``Cookie`` and ``Set-Cookie``). The
``Cookie`` header must only be sent once by a user-agent, but the
``Set-Cookie`` header may appear repeatedly and cannot be joined by commas.
For this reason, we can safely make the request ``headers`` a ``dict``, but
the response ``headers`` must be sent as a list of tuples, which matches WSGI.
Request Request
''''''' '''''''