Monday 20 November 2017

Custom HTTP headers : naming conventions

itemprop="text">

Several of our users have asked us to
include data relative to their account in the HTTP headers of
requests we send them, or even responses they get from our API.
What is the
general convention to add custom HTTP headers, in terms of
naming, format...
etc.




Also, feel free to post any
smart usage of these that you stumbled upon on the web; We're trying to implement this
using what's best out there as a target :)


class="post-text" itemprop="text">
class="normal">Answer



The
recommendation is was to start
their name with "X-". E.g. rel="noreferrer">X-Forwarded-For, href="http://en.wikipedia.org/wiki/X-Requested-With"
rel="noreferrer">X-Requested-With. This is also
mentioned in a.o. section 5 of rel="noreferrer">RFC 2047.



/>

Update 1: On June 2011,
the first rel="noreferrer">IETF draft was posted to
deprecate the recommendation of using the "X-" prefix for
non-standard headers. The reason is that when non-standard headers prefixed with "X-"
become standard, removing the "X-" prefix breaks backwards compatibility, forcing
application protocols to support both names (E.g, x-gzip &
gzip are now equivalent). So, the official recommendation is to
just name them sensibly without the "X-"
prefix.



/>


Update 2: On
June 2012, the deprecation of recommendation to use the "X-" prefix has become official
as RFC
6648. Below are cites of
relevance:




3.
Recommendations for Creators of New Parameters




...





  1. SHOULD NOT prefix their parameter names with "X-" or similar

    constructs.










4. Recommendations for Protocol Designers




...






  1. SHOULD NOT prohibit parameters with an "X-" prefix or
    similar
    constructs from being registered.



  2. MUST NOT stipulate that a parameter with an "X-" prefix or

    similar constructs needs to be understood as
    unstandardized.


  3. MUST NOT stipulate
    that a parameter without an "X-" prefix or
    similar constructs needs to be
    understood as standardized.







Note
that "SHOULD NOT" ("discouraged") is not the same as "MUST NOT" ("forbidden"), see also
RFC 2119
for another spec on those keywords. In other words, you can keep using "X-" prefixed
headers, but it's not officially recommended anymore and you may definitely not document
them as if they are public standard.



/>

Summary:




  • the
    official recommendation is to just name them sensibly without the
    "X-" prefix

  • you can keep using "X-" prefixed headers, but
    it's not officially recommended anymore and you may definitely not document them as if
    they are public standard




-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print &q...