W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Same resource exposed over HTTP and HTTPS

From: Nathan <nathan@webr3.org>
Date: Wed, 19 May 2010 15:36:59 +0100
Message-ID: <4BF3F78B.3010506@webr3.org>
To: HTTP Working Group <ietf-http-wg@w3.org>
Hi All,

I've hit on a scenario where we'd like to identify resource with http 
scheme URIs; where safe methods are exposed via standard HTTP, whereas 
unsafe methods (in this case PUT and DELETE) would be exposed via HTTPS.

I'm entirely unsure how to approach this, can find little documentation 
on doing Upgrade; and am very unsure what it means to PUT to https://.. 
and GET from http://.

The HTTP spec specifies "The PUT method requests that the enclosed 
entity be stored at the supplied request-target." and under p1 messaging 
4.2 "The exact resource identified by an Internet request is determined 
by examining both the request-target and the Host header field."

The above would lead me to believe that in both an http and https 
request (when using the 'path-absolute') that the resource identified in 
both cases is a scheme-less concatenation of host & 'path-absolute'. 
However when an the request-target is an absolute-URI then..? (do we 
chop the schemes off to get the resource identified?)

As you can see, in need of some clarification,

Best,

Nathan
Received on Wednesday, 19 May 2010 15:37:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:18 GMT