(In reply to Valentin Gosu [:valentin] (he/him) {{ PTO 21 Dec - 06 Jan }} from comment #3)
> I think the problem is that draft-ietf-httpapi-idempotency-key-header-05 says we should use a structured-header sf-string, but the apple websites don't really like that.
>
> The problem is that none of the other browsers has shipped an idempotency-key implementation.
> If this is a major problem we can disable the pref while we reach out to apple regarding their server implementation.
I reached out to Karl Dubost to see if he can get us in touch with the right folks at Apple, in bug 1940594 comment 10.
If we're still stalled on this in a few weeks, we might want to turn off the pref (it's already nightly-only which is some comfort, but we don't want to be unnecessarily preventing Nightly from using discussions.apple.com).
(I wonder if this is the first http header in a browser that includes a double-quote character? It feels like it might be, if this Apple site has apparently been able to reject any requests with such a header up to this point without causing breakage. Maybe this is a sign that there's some webcompat risk from shipping this header in this form; i.e. some deployed web servers might just barf when finding a double-quote character in an http header, either due to them being overly strict, or having a parsing bug, or intentionally rejecting it as some sort of perceived injection attack... Might be worth discussing with the IETF if we anticipate this being something broader than just this one Apple discussion-forum.)
Bug 1941375 Comment 7 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Valentin Gosu [:valentin] (he/him) {{ PTO 21 Dec - 06 Jan }} from comment #3)
> I think the problem is that draft-ietf-httpapi-idempotency-key-header-05 says we should use a structured-header sf-string, but the apple websites don't really like that.
>
> The problem is that none of the other browsers has shipped an idempotency-key implementation.
> If this is a major problem we can disable the pref while we reach out to apple regarding their server implementation.
I reached out to Karl Dubost to see if he can get us in touch with the right folks at Apple, in bug 1940594 comment 10.
If we're still stalled on this in a few weeks, we might want to turn off the pref (it's already nightly-only which is some comfort, but we don't want to be unnecessarily preventing Nightly users from using discussions.apple.com).
(I wonder if this is the first http header in a browser that includes a double-quote character? It feels like it might be, if this Apple site has apparently been able to reject any requests with such a header up to this point without causing breakage. Maybe this is a sign that there's some webcompat risk from shipping this header in this form; i.e. some deployed web servers might just barf when finding a double-quote character in an http header, either due to them being overly strict, or having a parsing bug, or intentionally rejecting it as some sort of perceived injection attack... Might be worth discussing with the IETF if we anticipate this being something broader than just this one Apple discussion-forum.)