- From: Mike Bishop <Michael.Bishop@microsoft.com>
- Date: Mon, 31 Oct 2016 23:24:46 +0000
- To: Mark Nottingham <mnot@mnot.net>, Martin Thomson <martin.thomson@gmail.com>
- CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, "HTTP working group mailing list" <ietf-http-wg@w3.org>
There's an explicit requirement in RFC 7230 for servers to accept it: > To allow for transition to the absolute-form for all requests in some > future version of HTTP, a server MUST accept the absolute-form in > requests, even though HTTP/1.1 clients will only send them in > requests to proxies. -----Original Message----- From: Mark Nottingham [mailto:mnot@mnot.net] Sent: Monday, October 31, 2016 4:17 PM To: Martin Thomson <martin.thomson@gmail.com> Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>; HTTP working group mailing list <ietf-http-wg@w3.org> Subject: Re: Op-sec simplification > On 1 Nov. 2016, at 10:15 am, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 1 November 2016 at 09:41, Mark Nottingham <mnot@mnot.net> wrote: >> Hold on -- are we layering in a new requirement to use the absolute form of the URL? > > I don't know how we carry the scheme any other way. We might try to > weasel this as being not "directly" to the origin server. > > Maybe I should point out that this is in contradiction to that section. I suspect someone with a process bent will say that it needs to update 7230, and having an experimental doc update a standards track one might be... interesting. I suppose if we have consensus to do it, it might work. > (FWIW, the servers I'm aware of all handle absolute URIs well enough.) Is there an implicit requirement for them to check that it was absolute? -- Mark Nottingham https://www.mnot.net/
Received on Monday, 31 October 2016 23:25:21 UTC