- From: Nottingham, Mark <mnotting@akamai.com>
- Date: Fri, 13 Mar 2015 06:38:02 +0000
- To: Mike West <mkwst@google.com>
- CC: WebAppSec WG <public-webappsec@w3.org>
> On 13 Mar 2015, at 5:35 pm, Mike West <mkwst@google.com> wrote: > > On Fri, Mar 13, 2015 at 5:48 AM, Nottingham, Mark <mnotting@akamai.com> wrote: > A) This is a horrible, horrible name. > > It's "horrible horrible"? Not just "horrible"? In that case, we should change it! I will remember that trick... > I'd suggest either: > > Prefer: redir2sec > > ... or creating another, even shorter request header altogether (they're cheap). > > `Prefer: https`? OooooooOOOoh > > I really don't have strong opinions about how this should be spelled, as I think we're agreeing on the concept that lies behind the bits on the wire. > > B) If the server is making decisions based upon the presence or absence of this directive, it needs to either be a) uncacheable or b) listed in Vary. > > This example you provided looks good to me, thanks! > > (Note that Connection: keep-alive is *not* relevant in HTTP/1.1). > > This is why it's good to have expert review. :) > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) -- Mark Nottingham mnot@akamai.com https://www.mnot.net/
Received on Friday, 13 March 2015 06:38:31 UTC