PUSH Clarifications from James M Snell on 2013-08-05 (ietf-http-wg@w3.org from July to September 2013)

From: James M Snell <jasnell@gmail.com>
Date: Mon, 5 Aug 2013 10:21:44 -0700
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CABP7RbebJd01QgQMwvUH9DEvm1WoqUb2KmjorSJt7QeiY5z8SA@mail.gmail.com>

Saw the comments in the github repo issues regarding PUSH and safe
methods discussed in Hamburg... I gave some comments over there, but
given that it affects technical design and not just editorial, I
wanted to echo those same comments here on list...

I'm not 100% sure where the conversation ended up in Hamburg, but.. in
my opinion.. a PUSH...

1) Ought to ALWAYS be either an implied GET or HEAD, sending a
PUSH_PROMISE with a :method header field that specifies anything other
than GET or HEAD ought to be a stream error. This keeps things as
simple as possible without forcing us to get into dealing with
possibly weird edge cases caused by unknown extension methods.

2) Ought to only be an implied HEAD request if the originating request
is also a HEAD request. Otherwise, the PUSH is always a GET.

3) Ought to only be sent when the response has a 2xx status code. It
does not make much sense at all to send a PUSH when the status code is
[3-5]xx.

4) Ought to have an implicit or explicit Origin equal to the origin of
the pushed implied GET's effective request URI...

For instance, if a client sends..

  :method = GET
  :path = /foo
  :host = example.org:80
  origin = foo.example.com:43

The server can send a PUSH_PROMISE like...

  :method = GET
  :path = /foo/images/1.jpg
  :host = example.org:80
  origin = example.org:80

(in other words, the push does not inherit the origin of the
originating request...)

One thing we ought to consider: some mechanism a user-agent can use to
tell the server it is willing to accept pushed content from other
origins.  For instance, imagine sending the following *request*:

  :method = GET
  :path = /foo
  :host = example.org:80
  origin = foo.example.com:43
  allow-push-origin: abc.example.net:80, example.org:80

Which states: For this stream, I'll accept pushed resources from
abc.example.net:80 or example.org:80 and I'll RST_STREAM any attempt
to push resources from another origin.

(Obviously... where this gets a bit weird, however, is the fact that
PUSH is hop-by-hop, which would make allow-push-origin necessarily
hop-by-hop...)

Received on Monday, 5 August 2013 17:22:31 UTC