- From: Jonas Sicking <jonas@sicking.cc>
- Date: Sat, 4 May 2013 22:39:46 -0700
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- Cc: WebApps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>
I really don't know which spec is defining how/when we reuse http connections. All I know is that we have a pool of open TCP connections that were used for previous http requests. We don't use that pool when making credential-less CORS requests. We instead use a separate pool, specifically for credential-less CORS requests. Sorry I can't be more precise. I'm happy to point people to the relevant code if needed. / Jonas On Sat, May 4, 2013 at 3:58 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: > * Jonas Sicking wrote: >>On May 4, 2013 1:29 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote: >>> On Fri, May 3, 2013 at 7:00 PM, Jonas Sicking <jonas@sicking.cc> wrote: >>> > We also don't reuse keep-alive http connections. >>> >>> Are we talking about persistent connections as per >>> http://tools.ietf.org/html/rfc2616#section-8.1 or the obsolete >>> HTTP/1.0 feature? >> >>In the sense of the keep-alive header. I'm not sure, but I think it was >>defined in HTTP 1.1. > > It's extremely unlikely that the `Keep-Alive` header is special here. > It rather seems to me you meant "We also don't reuse http connections." > A HTTP connection has to be persistent, has to be kept alive, in order > for it to be re-used, and how or why a connection is "kept alive" does, > most probably, not affect whether Firefox will re-use it in your sense > above. And no, HTTP/1.1 as defined in RFC 2616 does not use the `Keep- > Alive` header. > -- > Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de > Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de > 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Sunday, 5 May 2013 05:40:44 UTC