#492: Alt-Svc header host restriction

All,

When we were originally working on Alt-Svc, Patrick and I put a restriction on the Alt-Svc header field so that it couldn’t redirect clients to a different host.

Since then, several people have pointed out that the requirement to have strong server authentication, as well as cache flushing, seems to contain the risk associated with doing this, and that the facility could be quite useful.

So, I’m suggesting we (re-) add the capability to the header.

[ I’ve opened <https://github.com/http2/http2-spec/issues/492> for this ]

--
Mark Nottingham   http://www.mnot.net/

Received on Wednesday, 4 June 2014 16:12:12 UTC