W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Mixed schemes

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 21 Nov 2016 13:29:46 +1100
Message-ID: <CABkgnnWHO3ffdeviYjCEzqao43cUMWGmjmNGxM=OHg2G4SXGwA@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>, Erik Nygren <erik+ietf@nygren.org>
Patrick (perhaps indirectly) suggested that we can harness a Firefox bug here:

  https://github.com/httpwg/http-extensions/pull/270

That is, rather than mention that coalescing between https and http
might happen, forbid it instead.

I'm fairly sure that this will address the concerns Erik had.  Maybe
too effectively; objections like this would be good to hear.

I didn't add any text here about coalescing two http:// origins.  I
don't want to close this issue until we resolve that too.  Should we:

1. allow coalescing of two http:// origins by default
2. forbid coalescing of two http:// origins without an explicit signal

My preference is for option 2.

Let's be perfectly clear, there's no inherent protocol reason why we
can't coalesce.  But this stems from an (over)abundance of caution.
We can develop explicit opt-in signals regarding coalescing if it came
to that ... #include <ORIGIN frame discussions>.
Received on Monday, 21 November 2016 02:58:12 UTC

This archive was generated by hypermail 2.3.1 : Monday, 21 November 2016 02:58:15 UTC