:scheme, was: consensus on :query ?

While we are talking about decomposing the uri into it's component

why are we sending :scheme?

It's not something that I would trust from a client anyway.

If the connection is not TLS and the request says https, then I'm not going
to believe it.  The only way I'll upgrade a request to https is with some
secret handshake with my SSL offloader via a special privileged port that
will probably nail all requests to https regardless of what the header says.

If the connection is TLS and the scheme says http, then I guess that tells
me something... that it is not TLS end to end, but then I don't know if I'm
meant to be trusting the hop or the end to end.    It's landing on my
server as https... so I guess it is.

Or is scheme meant to be optional, as in h1 allowing an absolute URL to be
sent in the request line?

Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Thursday, 24 July 2014 04:35:54 UTC