- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 28 Oct 2010 07:48:25 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Adam Barth <w3c@adambarth.com>, Julian Reschke <julian.reschke@gmx.de>, Adrien de Croy <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Oct 28, 2010 at 02:14:53PM +1100, Mark Nottingham wrote: > Because CONNECT is for establishing a connection to a proxy, not a gateway (which is what you're doing). That's true but the semantics of the CONNECT method is the closest to what we need in WebSocket. After all, we're negociating a bidirectionnal tunnel between the browser and the application through the HTTP infrastructure. > Also, I suspect putting a body on a CONNECT request is going to lead to interop problems (which is what led to #251). And possibly to request smuggling attacks, which was one reason for choosing CONNECT. We should stay on the compatibilty side IMHO, and I too am worried about the possible implications of sending a body with a CONNECT. Regards, Willy
Received on Thursday, 28 October 2010 05:49:20 UTC