- From: Nathan <nathan@webr3.org>
- Date: Wed, 19 May 2010 20:46:11 +0100
- To: Henrik Nordström <henrik@henriknordstrom.net>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Henrik Nordström wrote: > ons 2010-05-19 klockan 15:36 +0100 skrev Nathan: > >> I've hit on a scenario where we'd like to identify resource with http >> scheme URIs; where safe methods are exposed via standard HTTP, whereas >> unsafe methods (in this case PUT and DELETE) would be exposed via HTTPS. > > Content-Location can be used to hint about this. If both http and https > respond with the same https content location then clients will have a > hint that they are the same and also a hint that this location should be > used when updating the resource. Nice answer, especially as I my follow up question (dependant on response) was going to be "and how would one hint or assert that HTTPS should be used for updates" - but you've covered that too! >> The HTTP spec specifies "The PUT method requests that the enclosed >> entity be stored at the supplied request-target." and under p1 messaging >> 4.2 "The exact resource identified by an Internet request is determined >> by examining both the request-target and the Host header field." > > Right. There is an unintentional gap there. http != https, but the above > fails to account for that. Could that be clarified with a note or suchlike in HTTPbis? Many thanks, Nathan
Received on Wednesday, 19 May 2010 19:47:14 UTC