< Rule 34 Strikes Again
Next >

[Comments] (1) Content-MD5: I'm a little surprised that the HTTP standard defines a Content-MD5 header rather than a generic Content-Hash header that supports different hashing algorithms and provides a method for extension. That's how other HTTP headers work when there are a lot of ways to do something and there might be more in the future (Authorization, Cache, Accept-Encoding, TE). It's a little less surprising given that Content-MD5 is taken wholesale from a different RFC, one with only one wacky comment at the bottom of its faqs.org page.

Looking around I see only a couple nerds wondering about this, about as many as in 2005 were wondering why HTML forms don't support PUT or DELETE. But it's at the intersection of two trends: growing interest in putting metadata in HTTP headers, and growing interest in not using MD5. Has anyone else wanted to send a non-MD5 checksum in HTTP headers? If nobody says anything I'm going to go ahead and make a X-Content-SHA1.

Uh, and in keeping with the peurile theme established by the previous entry, here's my current favorite wacky faqs.org comment.

Filed under:


Posted by Nathaniel at Fri Sep 19 2008 15:10

Why not X-Content-Hash: sha1,BLAH; etc.?


Unless otherwise noted, all content licensed by Leonard Richardson
under a Creative Commons License.