I was going to make a joke that "X-Subliminal" from http://tuxgames.com should become "com.tuxgames.subliminal", but I see they already made it for me...
> In some situations, segregating the parameter name space used in a
given application protocol can be justified:
> 1. When it is extremely unlikely that some parameters will ever be
standardized. In this case, implementation-specific and private-
use parameters could at least incorporate the organization's name
(e.g., "ExampleInc-foo" or, consistent with [RFC4288],
"VND.ExampleInc.foo") or primary domain name (e.g.,
"com.example.foo" or a Uniform Resource Identifier [RFC3986] such
as "http://example.com/foo). In rare cases, truly experimental
parameters could be given meaningless names such as nonsense
words, the output of a hash function, or Universally Unique
Identifiers (UUIDs) [RFC4122].
Hmm... I've worked on software at three different orgs that rely on the X-Forwarded-For header to identify a client's IP address from in front of a firewall (I'm not a network guy, but I think it was Cisco equipment).
I agree the X- prefix ain't great. Is there an alternative for the originating IP address? If not, we need one.
Well, I guess their hope is that people start using Forwarded-For, and then it becomes standardized in the same way that X-Forwarded-For has sort of become standard.
> 1. Deprecates the "X-" convention for newly defined parameters (emphasis mine)
> 4. Makes no recommendation as to whether existing "X-" parameters ought to remain in use or be migrated to a format without the "X-"; this is a matter for the creators or maintainers of those parameters.
In practice, I expect X-Forwarded-For to live long and prosper for many years even if a X-less version standardizes.
You're probably aware of this, but for those that are not, you can easily get around this problem by adding a hidden form field with X-HTTP-Method-Override as the name and the method as the value. Assuming your web server supports the field.
In CSS, the vendor prefixes are exactly what we need. They help bootstrapping, discussing, and proofing standards by having pre-standard implementations in the wild.
CSS is vastly more complex than HTTP headers which are most of the time, key-value(s).
Firstly, I'm only discussing it's application to HTTP and I realise this is a more general rule. Customer X- headers are a hack, but they're also incredibly useful for simple debugging ala FirePHP, for transmitting application specific metadata or caching metadata in dev environments. The RFC even mentions a similar objection under three 'primary objections to deprecating the "X-" convention' - BCP 82, http://tools.ietf.org/html/bcp82.
Also, this statement, "the name space is not limited or constrained in any way, so there is no need to assign a block of names for private use or experimental purposes", this is true only for application/browser vendors (native devs), web devs are stuck with X- headers for sending custom data to the browser without interrupting page output.
I think the point is more that, instead of using X- headers you should just declare your header de-facto standard (because you're using it!) and name it without the "X-". The issue with prefixing headers with "X-" is that, in theory, when people start using it you've got to remove the "X-" at some point -- but that would cause all sorts of compatibility headaches.
It's not just about the prefix -- the goal is to get rid of the unstandardized parameter namespace entirely. New parameters should be named for permanence, so if they do become standard there's no need for migration.
The primary problem with the "X-" convention is that unstandardized
parameters have a tendency to leak into the protected space of
standardized parameters, thus introducing the need for migration from
the "X-" name to a standardized name. Migration, in turn, introduces
interoperability issues (and sometimes security issues) because older
implementations will support only the "X-" name and newer
implementations might support only the standardized name. To
preserve interoperability, newer implementations simply support the
"X-" name forever, which means that the unstandardized name has
become a de facto standard (thus obviating the need for segregation
of the name space into standardized and unstandardized areas in the
first place).
Most of your examples are covered under the "exception 1" clause, also in Appendix B:
In some situations, segregating the parameter name space used in a
given application protocol can be justified:
1. When it is extremely unlikely that some parameters will ever be
standardized...
2. When parameter names might have significant meaning...
3. When parameter names need to be very short (e.g., as in [RFC5646]
for language tags)...
[+] [-] Jach|13 years ago|reply
> In some situations, segregating the parameter name space used in a given application protocol can be justified:
> 1. When it is extremely unlikely that some parameters will ever be standardized. In this case, implementation-specific and private- use parameters could at least incorporate the organization's name (e.g., "ExampleInc-foo" or, consistent with [RFC4288], "VND.ExampleInc.foo") or primary domain name (e.g., "com.example.foo" or a Uniform Resource Identifier [RFC3986] such as "http://example.com/foo). In rare cases, truly experimental parameters could be given meaningless names such as nonsense words, the output of a hash function, or Universally Unique Identifiers (UUIDs) [RFC4122].
[+] [-] raldi|13 years ago|reply
[+] [-] drsim|13 years ago|reply
I agree the X- prefix ain't great. Is there an alternative for the originating IP address? If not, we need one.
[+] [-] apgwoz|13 years ago|reply
[+] [-] Jare|13 years ago|reply
> 1. Deprecates the "X-" convention for newly defined parameters (emphasis mine)
> 4. Makes no recommendation as to whether existing "X-" parameters ought to remain in use or be migrated to a format without the "X-"; this is a matter for the creators or maintainers of those parameters.
In practice, I expect X-Forwarded-For to live long and prosper for many years even if a X-less version standardizes.
[+] [-] yaix|13 years ago|reply
Next, please convince browser vendors to support HTTP methods (PUT, DELETE, etc.) in forms.
[+] [-] MatthewPhillips|13 years ago|reply
[+] [-] natrius|13 years ago|reply
[+] [-] lloeki|13 years ago|reply
How would you handle the case of pre-standard implementations?
Like:
vs: which eventually became: In CSS, the vendor prefixes are exactly what we need. They help bootstrapping, discussing, and proofing standards by having pre-standard implementations in the wild.CSS is vastly more complex than HTTP headers which are most of the time, key-value(s).
[+] [-] saurik|13 years ago|reply
http://news.ycombinator.com/item?id=3561950
[+] [-] Sniffnoy|13 years ago|reply
[+] [-] firlefans|13 years ago|reply
Also, this statement, "the name space is not limited or constrained in any way, so there is no need to assign a block of names for private use or experimental purposes", this is true only for application/browser vendors (native devs), web devs are stuck with X- headers for sending custom data to the browser without interrupting page output.
[+] [-] andrewaylett|13 years ago|reply
[+] [-] phibit|13 years ago|reply
[+] [-] momokatte|13 years ago|reply
http://tools.ietf.org/id/draft-ietf-appsawg-xdash-05.html
[+] [-] unknown|13 years ago|reply
[deleted]
[+] [-] sleepyhead|13 years ago|reply
X-Ua-Compatible: IE=Edge,chrome=1
X-Request-Id: 19c0a05fd28e371127a76f658203eace
X-Runtime: 0.002039
X-Content-Digest: 2c4b5e9fc815a69ecb514e41e27e6ac7f2716801
X-Rack-Cache: miss, store
X-Varnish: 1299462197
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: kDpGVcaIcDVQm-PkMd_FPnR_IcPZqPgR0NxKEvmOBWKaURpeus5vEw==,_ycCBrLJT91EOYt14GTciFKKLlpzLt1cogvPpK2PkDP7QzYVGbcsGQ==
[+] [-] jjguy|13 years ago|reply
[+] [-] asdfaoeu|13 years ago|reply
[+] [-] mildweed|13 years ago|reply
[+] [-] saurik|13 years ago|reply
https://news.ycombinator.com/item?id=3539663
[+] [-] unknown|13 years ago|reply
[deleted]
[+] [-] pacoverdi|13 years ago|reply
[+] [-] apgwoz|13 years ago|reply
[+] [-] SimHacker|13 years ago|reply
[+] [-] astrodust|13 years ago|reply
Windows is a Microsoft product.
[+] [-] jpswade|13 years ago|reply
This would make IP discovery easy peasy!
[+] [-] shasty|13 years ago|reply
We need ways to move forward or e ven sideways if thats what we choose using an extension mechanism that is simple.