- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 21 Nov 2016 14:14:00 +1100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Erik Nygren <erik+ietf@nygren.org>
Personally -- SGTM (including #2). > On 21 Nov. 2016, at 1:29 pm, Martin Thomson <martin.thomson@gmail.com> wrote: > > Patrick (perhaps indirectly) suggested that we can harness a Firefox bug here: > > https://github.com/httpwg/http-extensions/pull/270 > > That is, rather than mention that coalescing between https and http > might happen, forbid it instead. > > I'm fairly sure that this will address the concerns Erik had. Maybe > too effectively; objections like this would be good to hear. > > I didn't add any text here about coalescing two http:// origins. I > don't want to close this issue until we resolve that too. Should we: > > 1. allow coalescing of two http:// origins by default > 2. forbid coalescing of two http:// origins without an explicit signal > > My preference is for option 2. > > Let's be perfectly clear, there's no inherent protocol reason why we > can't coalesce. But this stems from an (over)abundance of caution. > We can develop explicit opt-in signals regarding coalescing if it came > to that ... #include <ORIGIN frame discussions>. > -- Mark Nottingham https://www.mnot.net/
Received on Monday, 21 November 2016 03:14:32 UTC