Re: Same resource exposed over HTTP and HTTPS

Henrik Nordström wrote:
> ons 2010-05-19 klockan 15:36 +0100 skrev Nathan:
>> I've hit on a scenario where we'd like to identify resource with http 
>> scheme URIs; where safe methods are exposed via standard HTTP, whereas 
>> unsafe methods (in this case PUT and DELETE) would be exposed via HTTPS.
> Content-Location can be used to hint about this. If both http and https
> respond with the same https content location then clients will have a
> hint that they are the same and also a hint that this location should be
> used when updating the resource.

Nice answer, especially as I my follow up question (dependant on 
response) was going to be "and how would one hint or assert that HTTPS 
should be used for updates" - but you've covered that too!

>> The HTTP spec specifies "The PUT method requests that the enclosed 
>> entity be stored at the supplied request-target." and under p1 messaging 
>> 4.2 "The exact resource identified by an Internet request is determined 
>> by examining both the request-target and the Host header field."
> Right. There is an unintentional gap there. http != https, but the above
> fails to account for that.

Could that be clarified with a note or suchlike in HTTPbis?

Many thanks,


Received on Wednesday, 19 May 2010 19:47:14 UTC