Re: :scheme, was: consensus on :query ?

On 24 July 2014 23:32, Patrick McManus <> wrote:

> But just as you check the security context against the :path, you also
> check the security context against :scheme.. and sure, receiving https
> without tls is something 7230 says is an error. I think 6455 says the same
> thing about wss. However just because TLS is present doesn't mean https is
> the only acceptable scheme.

OK that makes sense.  I'll take this to the servlet expert group as I think
we should require that isSecure does more than check the scheme and makes
some effort to check context.


Greg Wilkins <> HTTP, SPDY, Websocket server and client that scales  advice and support for jetty and cometd.

Received on Friday, 25 July 2014 00:48:49 UTC