W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: HTTP/2.0 -04 candidate

From: Albert Lunde <atlunde@panix.com>
Date: Tue, 02 Jul 2013 08:21:34 -0500
Message-ID: <51D2D3DE.8080508@panix.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
On 7/2/2013 12:22 AM, Sam Pullara wrote:
> It looks like that this could be an issue:
>     The header fields in PUSH_PROMISE MUST include the ":scheme", ":host"
>     and ":path" header fields that identify the resource that is being
>     pushed.  A PUSH_PROMISE always implies an HTTP method of GET.  If a
>     client receives a PUSH_PROMISE that does not include these header
>     fields, or a value for the ":method" header field, it MUST respond
>     with a stream error (Section 5.4.2  <http://tools.ietf.org/html/draft-unicorn-httpbis-http2-00#section-5.4.2>) of type PROTOCOL_ERROR.
> I suggest that you limit to same origin and remove the :schema and the
> :host. It is quite probable that a different host, even if could be
> served from the same IP address, actually resolves to a different IP
> address when the client resolves it. Even the same :host could resolve
> to a different IP address.

A case where this could become less obvious might be a server or cluster 
of servers offering a number of name-based virtual hosts. It's fairly 
common for a virtual host to have two or four aliases.

Also, there may be shared resources the server knows about that aren't 
obviously related to a client's view of  "origins", like a host name 
used to serve particular media types or groups of content, such as 
shared styles, images, or sounds.
Received on Tuesday, 2 July 2013 13:22:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC