[racket] Web server "Server" header

From: Norman Gray (norman at astro.gla.ac.uk)
Date: Tue Apr 12 11:08:04 EDT 2011

Jay, hello.

On 2011 Apr 12, at 15:28, Jay McCarthy wrote:

> Is it an error to not include this header? I'm not interested in the
> subtle advertising to log readers, so it doesn't really matter to me
> what is says.

I don't think that any headers are required.  I can't find an explicit statement of this in the RFC, but I can see nothing about headers being required.

> What's the behavior when there are two Server headers? Because you can
> just as easily pass another one in the optional header list.

If you add a further Server header to the response structure, then you get two Server headers in the result sent back over the wire.

Sect. 4.2 of the RFC says:

Multiple message-header fields with the same field-name MAY be
   present in a message if and only if the entire field-value for that
   header field is defined as a comma-separated list [i.e., #(values)].
   It MUST be possible to combine the multiple header fields into one
   "field-name: field-value" pair, without changing the semantics of the
   message, by appending each subsequent field-value to the first, each
   separated by a comma. The order in which header fields with the same
   field-name are received is therefore significant to the
   interpretation of the combined field value, and thus a proxy MUST NOT
   change the order of these field values when a message is forwarded.

However neither Server nor Last-Modified (which I'd also potentially like to set) is of this type, so this appears to make it illegitimate to have multiple Server or Last-Modified headers.  The Server header can have multiple 'product' values, but they're separated by spaces rather than commas (this also, incidentally, means that a value such as 

    Server: Racket my-server/0.1

would allow both bits of software to be mentioned); Last-Modified is definitely single-valued.

The point of the Server header isn't so much advertising to log readers, as indicating who should be blamed, or be sent bug reports, if a server is misbehaving.

> I don't like the idea of a parameter or another field in the response
> data structure, but maybe I should just add an optional argument to
> response/xexpr and then remove the automatic insertion in the code you
> quote.

I'm using this by filling in fields in the response structure, rather than just via response/xexpr (it's not just XML I'm returning), so I'd be in trouble if the only way of setting this was via the latter.

Would it be possible to adjust output-response-head so that it only output those defaulted fields if there wasn't a corresponding header in the response-headers field list?  The semantics would therefore be that the response-headers field values override the built-in defaults.

If it's relevant, I don't think the order of the response headers is significant.  The RFC doesn't say this explicitly, but I think only mention of header ordering is in the passage quoted above, which only discusses the same header being repeated.  In other words, if a hash got involved here, that wouldn't matter.

Best wishes,


Norman Gray  :  http://nxg.me.uk

Posted on the users mailing list.