repo: gemini-site action: commit revision: path_from: revision_from: 535304f16b812f31f44570d653db00f2ce0c0f66: path_to: revision_to:
commit 535304f16b812f31f44570d653db00f2ce0c0f66
Author: Solderpunk
Date: Sun Nov 14 18:15:41 2021 +0100

    Forbid UTF BOMs in requests or response headers.

diff --git a/docs/specification.gmi b/docs/specification.gmi
--- a/docs/specification.gmi +++ b/docs/specification.gmi @@ -41,7 +41,7 @@ Gemini requests are a single CRLF-terminated line with the following structure:- is a UTF-8 encoded absolute URL, including a scheme, of maximum length 1024 bytes. + is a UTF-8 encoded absolute URL, including a scheme, of maximum length 1024 bytes. The request MUST NOT begin with a U+FEFF byte order mark. Sending an absolute URL instead of only a path or selector is effectively equivalent to building in a HTTP "Host" header. It permits virtual hosting of multiple Gemini domains on the same IP address. It also allows servers to optionally act as proxies. Including schemes other than "gemini" in requests allows servers to optionally act as protocol-translating gateways to e.g. fetch gopher resources over Gemini. Proxying is optional and the vast majority of servers are expected to only respond to requests for resources at their own domain(s). @@ -63,7 +63,7 @@ Gemini response headers look like this: is a UTF-8 encoded string of maximum length 1024 bytes, whose meaning is dependent. - and are separated by a single space character. +The response header as a whole and as a sub-string both MUST NOT begin with a U+FEFF byte order mark. If does not belong to the "SUCCESS" range of codes, then the server MUST close the connection after sending the header and MUST NOT send a response body.
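Review bot: In the first hunk (request format, @@ -41,7 +41,7 @@), the added sentence "The request MUST NOT begin with a U+FEFF byte order mark." constrains the sender but does not say what a server does when it receives such a request. The same paragraph describes virtual hosting and optional proxying keyed on the absolute URL, so a server that silently strips the mark and one that does not would read the scheme and host differently. Suggest adding a sentence that servers reject a request beginning with the mark rather than stripping it. Since the line specifies UTF-8, it would also help to name the encoded form, the bytes EF BB BF, so implementers check the bytes on the wire.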
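Review bot: In the second hunk (response header, @@ -63,7 +63,7 @@), the removed line "and are separated by a single space character." is replaced by the new BOM rule rather than kept alongside it, while the commit message only mentions forbidding BOMs. If the single-space separator is not stated elsewhere in the specification, keep that sentence and add the new one after it. The new sentence also leaves unspecified what a client does on receiving a header that begins with U+FEFF; suggest stating whether clients treat it as a malformed response.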