Re: :scheme, was: consensus on :query ?

With AltSvc, http-scheme-over-TLS is highly relevant to client-to-origin as
well.  What is the behavior of non-proxy origins to getting absolute http://
request URIs over TLS with HTTP/1.1?  Good point that this is normal for
proxies, but I'd guess that many non-proxy origins would be confused by an
absolute http:// request URI over TLS?  With HTTP/2 this is expected to be
a normal/typical to have browsers/clients send http-scheme-over-TLS to
origins after an AltSvc.

       Erik


On Jul 24, 2014 8:17 PM, "Amos Jeffries" <squid3@treenet.co.nz> wrote:

>
> http-scheme-over-TLS is only useful when communicating to an explicit
> proxy. So the request URI is required to be in absolute-form where the
> scheme: is explicitly sent as http:// regardess of the TLS connection it
> arrives on.
>
...

> >
> > On Thu, Jul 24, 2014 at 2:33 PM, Martin Thomson wrote:
> >> On 24 July 2014 11:21, Erik Nygren wrote:
> >>> I'd been under the assumption that http-scheme-over-TLS would only be
> >>> allowed over HTTP/2?
> >>
> >> I'll open that issue.  We currently have no explicit restriction that
> >> prevents this.  I don't think that we have any reason to say
> >> HTTP/2-only.  I also don't think that we need a specific exclusion for
> >> HTTP/1.1, which is the other way we might cut this (so that we could
> >> retain the feature for some theorized HTTP/5, which may or may not be
> >> in active development for some major browser).
> >>
> >> That said, Mozilla doesn't plan to use oppsec for HTTP/1.1, at least
> >> in the short to medium term.
> >
>
>
>

Received on Friday, 25 July 2014 03:30:25 UTC