- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Wed, 19 May 2010 21:36:26 +0200
- To: nathan@webr3.org
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
ons 2010-05-19 klockan 15:36 +0100 skrev Nathan: > I've hit on a scenario where we'd like to identify resource with http > scheme URIs; where safe methods are exposed via standard HTTP, whereas > unsafe methods (in this case PUT and DELETE) would be exposed via HTTPS. Content-Location can be used to hint about this. If both http and https respond with the same https content location then clients will have a hint that they are the same and also a hint that this location should be used when updating the resource. > I'm entirely unsure how to approach this, can find little documentation > on doing Upgrade; and am very unsure what it means to PUT to https://.. > and GET from http://. Upgrade isn't used much if at all. Everyone seems quite satisfied with using explicit https. Upgrade can be compared to STARTTLS in other protocols if you are familiar with that. > The HTTP spec specifies "The PUT method requests that the enclosed > entity be stored at the supplied request-target." and under p1 messaging > 4.2 "The exact resource identified by an Internet request is determined > by examining both the request-target and the Host header field." Right. There is an unintentional gap there. http != https, but the above fails to account for that. Regards Henrik
Received on Wednesday, 19 May 2010 19:36:56 UTC