I was going to make a joke that "X-Subliminal" from http://tuxgames.com should become "com.tuxgames.subliminal", but I see they already made it for me...
> In some situations, segregating the parameter name space used in a
given application protocol can be justified:
> 1. When it is extremely unlikely that some parameters will ever be
standardized. In this case, implementation-specific and private-
use parameters could at least incorporate the organization's name
(e.g., "ExampleInc-foo" or, consistent with [RFC4288],
"VND.ExampleInc.foo") or primary domain name (e.g.,
"com.example.foo" or a Uniform Resource Identifier [RFC3986] such
as "http://example.com/foo). In rare cases, truly experimental
parameters could be given meaningless names such as nonsense
words, the output of a hash function, or Universally Unique
Identifiers (UUIDs) [RFC4122].
Hmm... I've worked on software at three different orgs that rely on the X-Forwarded-For header to identify a client's IP address from in front of a firewall (I'm not a network guy, but I think it was Cisco equipment).
I agree the X- prefix ain't great. Is there an alternative for the originating IP address? If not, we need one.
Well, I guess their hope is that people start using Forwarded-For, and then it becomes standardized in the same way that X-Forwarded-For has sort of become standard.
> 1. Deprecates the "X-" convention for newly defined parameters (emphasis mine)
> 4. Makes no recommendation as to whether existing "X-" parameters ought to remain in use or be migrated to a format without the "X-"; this is a matter for the creators or maintainers of those parameters.
In practice, I expect X-Forwarded-For to live long and prosper for many years even if a X-less version standardizes.
You're probably aware of this, but for those that are not, you can easily get around this problem by adding a hidden form field with X-HTTP-Method-Override as the name and the method as the value. Assuming your web server supports the field.
If you want to build a RESTful website, it's really hard to get around it. Consider logging out. You want to send a DELETE to /Session. So you can just do this:
In CSS, the vendor prefixes are exactly what we need. They help bootstrapping, discussing, and proofing standards by having pre-standard implementations in the wild.
CSS is vastly more complex than HTTP headers which are most of the time, key-value(s).
Personally I think vendor prefixes are an awful hack. We've already got browser-conditional comments in HTML, why not use them? Hell, browser-specific stylesheets would be a better option from where I'm sitting.
Edited to clarify: I mean that browser-conditional comments should be implemented across browsers, not that we should rely on features already implemented.
vender prefixes are broken. What happens if the same vendor wants to implement another version of the same (still experimental) property?
What we need is draft prefixes. WebKit implements one type of gradient? Great, they define a prefix/property (which could be something as simple/silly as -webkit1-gradient), and anyone who implements the same API is free to use the same property name.
In this particular case, handling the pre-standard implementations would have been trivial because they all have different syntax. So you'd just write them all in there, and the ones that don't apply in the UA in question would just fail to parse and get dropped.
Firstly, I'm only discussing it's application to HTTP and I realise this is a more general rule. Customer X- headers are a hack, but they're also incredibly useful for simple debugging ala FirePHP, for transmitting application specific metadata or caching metadata in dev environments. The RFC even mentions a similar objection under three 'primary objections to deprecating the "X-" convention' - BCP 82, http://tools.ietf.org/html/bcp82.
Also, this statement, "the name space is not limited or constrained in any way, so there is no need to assign a block of names for private use or experimental purposes", this is true only for application/browser vendors (native devs), web devs are stuck with X- headers for sending custom data to the browser without interrupting page output.
I think the point is more that, instead of using X- headers you should just declare your header de-facto standard (because you're using it!) and name it without the "X-". The issue with prefixing headers with "X-" is that, in theory, when people start using it you've got to remove the "X-" at some point -- but that would cause all sorts of compatibility headaches.
It's not just about the prefix -- the goal is to get rid of the unstandardized parameter namespace entirely. New parameters should be named for permanence, so if they do become standard there's no need for migration.
The primary problem with the "X-" convention is that unstandardized
parameters have a tendency to leak into the protected space of
standardized parameters, thus introducing the need for migration from
the "X-" name to a standardized name. Migration, in turn, introduces
interoperability issues (and sometimes security issues) because older
implementations will support only the "X-" name and newer
implementations might support only the standardized name. To
preserve interoperability, newer implementations simply support the
"X-" name forever, which means that the unstandardized name has
become a de facto standard (thus obviating the need for segregation
of the name space into standardized and unstandardized areas in the
first place).
Most of your examples are covered under the "exception 1" clause, also in Appendix B:
In some situations, segregating the parameter name space used in a
given application protocol can be justified:
1. When it is extremely unlikely that some parameters will ever be
standardized...
2. When parameter names might have significant meaning...
3. When parameter names need to be very short (e.g., as in [RFC5646]
for language tags)...
> In some situations, segregating the parameter name space used in a given application protocol can be justified:
> 1. When it is extremely unlikely that some parameters will ever be standardized. In this case, implementation-specific and private- use parameters could at least incorporate the organization's name (e.g., "ExampleInc-foo" or, consistent with [RFC4288], "VND.ExampleInc.foo") or primary domain name (e.g., "com.example.foo" or a Uniform Resource Identifier [RFC3986] such as "http://example.com/foo). In rare cases, truly experimental parameters could be given meaningless names such as nonsense words, the output of a hash function, or Universally Unique Identifiers (UUIDs) [RFC4122].