W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: Op-sec simplification

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 1 Nov 2016 10:17:04 +1100
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
Message-Id: <4CE68DCC-BE25-42DE-9247-4195103797EF@mnot.net>
To: Martin Thomson <martin.thomson@gmail.com>

> On 1 Nov. 2016, at 10:15 am, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 1 November 2016 at 09:41, Mark Nottingham <mnot@mnot.net> wrote:
>> Hold on -- are we layering in a new requirement to use the absolute form of the URL?
> 
> I don't know how we carry the scheme any other way.  We might try to
> weasel this as being not "directly" to the origin server.
> 
> Maybe I should point out that this is in contradiction to that section.

I suspect someone with a process bent will say that it needs to update 7230, and having an experimental doc update a standards track one might be... interesting. I suppose if we have consensus to do it, it might work.


> (FWIW, the servers I'm aware of all handle absolute URIs well enough.)

Is there an implicit requirement for them to check that it was absolute?

--
Mark Nottingham   https://www.mnot.net/
Received on Monday, 31 October 2016 23:17:37 UTC

This archive was generated by hypermail 2.3.1 : Monday, 31 October 2016 23:17:39 UTC