- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 13 Apr 2016 17:50:48 +1000
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Cc: Mike West <mkwst@google.com>
At the WG meeting in B-A, I tangentially wondered aloud about whether we should define a header in the form: Sec-Scheme: https Because it's prefixed with `Sec-`, browsers won't allow its modification (e.g., in XHR), so its value is relatively trustworthy from browser clients. Because it's a header, rather than a pseudo-header (like :scheme), it's "end to end" -- it gets exposed to the application (e.g., through PHP, CGI, whatever) via standard APIs. As such, it's much more realistic to consume. What do people think -- would such a thing be useful? -- Mark Nottingham https://www.mnot.net/
Received on Wednesday, 13 April 2016 07:51:17 UTC