- From: Michael Sweet <msweet@apple.com>
- Date: Tue, 02 Jul 2013 08:52:41 -0400
- To: Sam Pullara <spullara@gmail.com>
- Cc: Martin Thomson <martin.thomson@gmail.com>, Shigeki Ohtsu <ohtsu@iij.ad.jp>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-id: <A0D456CF-49BB-4F6B-B96F-0B6790BDD26A@apple.com>
+1 On 2013-07-02, at 1:22 AM, Sam Pullara <spullara@gmail.com> wrote: > It looks like that this could be an issue: > > The header fields in PUSH_PROMISE MUST include the ":scheme", ":host" > and ":path" header fields that identify the resource that is being > pushed. A PUSH_PROMISE always implies an HTTP method of GET. If a > client receives a PUSH_PROMISE that does not include these header > fields, or a value for the ":method" header field, it MUST respond > with a stream error (Section 5.4.2) of type PROTOCOL_ERROR. > > I suggest that you limit to same origin and remove the :schema and the :host. It is quite probable that a different host, even if could be served from the same IP address, actually resolves to a different IP address when the client resolves it. Even the same :host could resolve to a different IP address. Also, do you really want the resource to use a different scheme than the original request? My suggestion on this is to limit PUSH_PROMISE to same origin and require only the :path header field to be set. Simplifies things quite a bit and the client should already know the :schema and :host header. > > Sam > > On Jul 1, 2013, at 9:37 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > >> Thanks, this was a bit rushed in parts so I potentially botched a few edits. Pull requests much appreciated, especially for the small stuff. >> >> On Jul 1, 2013 9:30 PM, "Shigeki Ohtsu" <ohtsu@iij.ad.jp> wrote: >> Thanks for your great work. >> >> I've just read through the draft and submited a PR for some editrial fixes againt a layering branch. >> https://github.com/http2/http2-spec/pull/157 >> Please review it. If the PR to the branch is not good for fix, pelase let me know it. >> >> Regards, >> >> (2013/07/02 9:23), Martin Thomson wrote: >> Those people who volunteered to contribute to the layering work in the >> SF interim have come up with something. This includes a restructuring >> of the content. >> >> Since the changes are large in scope, we're not submitting this as >> draft-ietf-httpbis-http2-04. I've put this up as an individual >> submission so that people can comment on structure, text, omissions: >> >> http://tools.ietf.org/html/draft-unicorn-httpbis-http2-00 >> >> Note: This is a proposal for the content of the >> draft-ietf-httpbis-http2-04. Please let us know - as soon as possible >> - if the idea of this becoming a -04 offends you somehow. >> >> This draft includes resolutions to all the issues on our milestone, >> with the exception of two (#75: default priorities, #17: opaque data >> in GOAWAY and RST_STREAM), which I plan to address tomorrow. >> >> Now, most of the final pass is my fault (with a little help from the >> github unicorn), so blame me for all the bad stuff and praise Jeff and >> James for providing all the good stuff. >> >> >> > _________________________________________________________ Michael Sweet, Senior Printing System Engineer, PWG Chair
Received on Tuesday, 2 July 2013 12:53:11 UTC