W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Re: Same resource exposed over HTTP and HTTPS

From: Nathan <nathan@webr3.org>
Date: Wed, 19 May 2010 20:46:11 +0100
Message-ID: <4BF44003.2020506@webr3.org>
To: Henrik Nordström <henrik@henriknordstrom.net>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Henrik Nordström wrote:
> ons 2010-05-19 klockan 15:36 +0100 skrev Nathan:
> 
>> I've hit on a scenario where we'd like to identify resource with http 
>> scheme URIs; where safe methods are exposed via standard HTTP, whereas 
>> unsafe methods (in this case PUT and DELETE) would be exposed via HTTPS.
> 
> Content-Location can be used to hint about this. If both http and https
> respond with the same https content location then clients will have a
> hint that they are the same and also a hint that this location should be
> used when updating the resource.

Nice answer, especially as I my follow up question (dependant on 
response) was going to be "and how would one hint or assert that HTTPS 
should be used for updates" - but you've covered that too!

>> The HTTP spec specifies "The PUT method requests that the enclosed 
>> entity be stored at the supplied request-target." and under p1 messaging 
>> 4.2 "The exact resource identified by an Internet request is determined 
>> by examining both the request-target and the Host header field."
> 
> Right. There is an unintentional gap there. http != https, but the above
> fails to account for that.

Could that be clarified with a note or suchlike in HTTPbis?

Many thanks,

Nathan
Received on Wednesday, 19 May 2010 19:47:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:18 GMT