W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Limiting allowable pre-SETTINGS requests

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 06 Jun 2014 23:14:55 +1200
Message-ID: <5391A2AF.6090800@treenet.co.nz>
To: ietf-http-wg@w3.org
On 6/06/2014 10:28 a.m., David Krauss wrote:
> Four kilobytes should be plenty for a proxy to route a stream and
> relieve the buffering pressure by streaming as HPACK was designed to
> do, but someone mentioned proxies peeking at cookies too. It seems
> that we need a closer look at what kind of implementation handles
> which specific use case. These issues arenít specific to extra-simple
> servers.

FWIW the only use-cases I've seen for proxies to peek at Cookie was for
interception proxies to authenticate despite the client-side security
measures, or for load balancers to ensure end-to-end pinning of user
sessions (forcing statefulness on the stateless transfer protocol).
 The WG has decided to ignore interception middleware entirely.
 The Load-balancer use-case is apparently resolved by "just use HTTP/1.1".

Maybe someone has another use case for accessing Cookie but I think the
Load-Balancer case served fine by an HTTP/2 extension between the LB and
the backend servers - provided we are allowed extension frames (or maybe
despite HTTP/2 spec).

Received on Friday, 6 June 2014 11:15:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC