Re: Formalizing the HTTP State Tokens proposal.

From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Date: Thu, 28 Mar 2019 21:07:23 +0200 (EET)
To: HTTP Working Group <ietf-http-wg@w3.org>
CC: Mike West <mkwst@google.com>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Message-Id: <20190328190729.F36474EEEA@welho-filter4.welho.com>

5.1.  Attach HTTP State Tokens to a request
https://tools.ietf.org/html/draft-west-http-state-tokens-00#section-5.1


So the Sec-Http-State header field is also added to requests for static sites, which do not need state.

Setting

Sec-Http-State-Options: delivery=same-origin

would surely help reduce the extra Sec-Http-State: header fields being sent
(for example, for static resources which are referenced on an HTML page,
 if they use another origin).

However I suggest

Sec-Http-State-Options: delivery=none

so that a static site can opt out of that request header.



Perhaps it also makes sense to define another member for the "Sec-Http-State-Options" header
dictionary, which controls which elements ('image', 'iframe', 'script', 'audio'
and so on) cause the Sec-Http-State: header field to be added to the request when the corresponding resource
is retrieved. This is an additional constraint ("delivery" is also in force).


The idea is to further reduce HTTP request size.

/ Kari Hurtta
Received on Thursday, 28 March 2019 19:07:54 UTC
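
The opt-out and per-element filter proposed in the message above, sketched as a user-agent decision function. This is an added example, not part of the original message or of the draft: `delivery=none` and an element-controlling member are the message's proposals, while the member name `elements`, its quoted space-separated syntax, the simplified dictionary parsing, and the `.example` origins are assumptions.

```javascript
// Added illustration. "none" and the element filter are proposals from the
// message; the member name "elements" and its syntax are assumptions.

// Simplified dictionary parser: key=token or key="quoted string", comma separated.
function parseOptions(headerValue) {
  const options = {};
  const pattern = /([a-z][a-z0-9_-]*)=("([^"]*)"|[^,\s]+)/g;
  for (const m of headerValue.matchAll(pattern)) {
    options[m[1]] = m[3] !== undefined ? m[3] : m[2];
  }
  return options;
}

// Decide whether Sec-Http-State is attached to one request.
// tokenOrigin: origin that sent Sec-Http-State-Options.
// request: { url, initiatorOrigin, element } (constructed shape).
function shouldAttachState(headerValue, tokenOrigin, request) {
  const options = parseOptions(headerValue);
  if (options.delivery === "none") return false; // proposed opt-out
  if (options.delivery !== "same-origin") {
    throw new Error("delivery value not modelled in this example");
  }
  // A token is only ever a candidate for requests to its own origin.
  if (new URL(request.url).origin !== tokenOrigin) return false;
  // delivery=same-origin: the initiating page must share that origin too.
  if (request.initiatorOrigin !== tokenOrigin) return false;
  // Proposed element filter is an additional constraint on top of delivery.
  if (options.elements !== undefined) {
    const allowed = options.elements.split(/\s+/).filter(Boolean);
    if (!allowed.includes(request.element)) return false;
  }
  return true;
}

// Constructed sample: a page on app.example embeds an image from static.example.
const embedded = {
  url: "https://static.example/logo.png",
  initiatorOrigin: "https://app.example",
  element: "image",
};
console.log(shouldAttachState("delivery=same-origin", "https://static.example", embedded));
console.log(shouldAttachState("delivery=none", "https://static.example", embedded));
```
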