On 24 July 2014 15:02, Adrien de Croy <adrien@qbik.com> wrote:
> so that when a client sends the http2 equivalent of
>
> GET ftp://ftp.somewhere.com/file /HTTP/1.1
>
> to a proxy, we can do it.
>
That's a reasonable usage.
But distinguishing between http and https is not. Can't we just not send
the scheme for HTTP and if we do then it should just be http and never
https. At the very least we should point out that :scheme is not a
trusted value and just because it says https does not mean the request is
secure.
There is plenty of code out that that implements the equivalent of
boolean isSecure() { return "https".equals(getScheme()); }
https://www.google.com.au/search?q=isSecure+%22https%22.equals+getScheme%28%29
--
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com advice and support for jetty and cometd.