search

httpwg / http-extensions

HTTP Extensions in progress
https://httpwg.org/http-extensions/
447 stars 146 forks source link

Better name for the "expires" attribute in Upload-Limit #2940

Open guoye-zhang opened 2 weeks ago

guoye-zhang commented 2 weeks ago

Expires typically is an absolute timestamp, but it is a number of seconds in Upload-Limit. It might be better named as timeout or something similar.

LPardue commented 2 weeks ago

Some possible inspiration maybe?

https://www.ietf.org/archive/id/draft-ietf-httpapi-ratelimit-headers-08.html#section-3.1.3

The "w" parameter value conveys a time window applicable to the quota (Section 3.1.1). The time window MUST be a non-negative Integer value expressing an interval in seconds, similar to the "delay-seconds" rule defined in Section 10.2.3 of [HTTP]. Sub-second precision is not supported.

smatsson commented 2 weeks ago

Maybe we could use max-age as it is already used in other standards? Not a perfect 1:1 match but close enough?

max-age in RFC 9111 - https://www.rfc-editor.org/rfc/rfc9111.html#name-max-age-2

The max-age response directive indicates that the response is to be considered stale after its age is greater than the specified number of seconds.

access-control-max-age in CORS - https://fetch.spec.whatwg.org/#http-access-control-max-age

Indicates the number of seconds (5 by default) the information provided by the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers can be cached.

Another idea could be expires-in but that is not in the list of registered IANA headers so might be more work than it's worth?

TTL could also possibly be used with the same argument as max-age?

TTL in RFC8030 - https://www.rfc-editor.org/rfc/rfc8030.html#page-11

An application server MUST include the TTL (Time-To-Live) header field in its request for push message delivery. The TTL header field contains a value in seconds that suggests how long a push message is retained by the push service.

EDIT: On the other hand, these do not really convey the same thing. Upload-Limit -> Expires is the amount left before the upload expires while e.g. max-age is the total time and will be constant on each request while Expires will be smaller (or possibly larger) on each request.

smatsson commented 2 weeks ago

Another solution would be to change expires into a sf date: https://www.ietf.org/rfc/rfc9651.html#name-dates

LPardue commented 2 weeks ago

https://www.rfc-editor.org/rfc/rfc7838.html#section-3.1

Syntax:

ma = delta-seconds; see [RFC7234], Section 1.2.1

The delta-seconds value indicates the number of seconds since the response was generated for which the alternative service is considered fresh.