- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Tue, 29 Jul 2014 03:15:45 +1200
- To: ietf-http-wg@w3.org
On 29/07/2014 1:15 a.m., Michael Sweet wrote: > Julian, > > I don't know, but RFC 2817 is pretty explicit about how to do a mandatory upgrade that applies to the connection and not to a particular resource: > > 3.2 Mandatory Upgrade > > If an unsecured response would be unacceptable, a client MUST send an > OPTIONS request first to complete the switch to TLS/1.0 (if > possible). > > OPTIONS * HTTP/1.1 > Host: example.bank.com > Upgrade: TLS/1.0 > Connection: Upgrade > > I think that's the crux - "*" has a different semantic than "/", and in HTTP/1.x you can't pass an empty path on the request line. On 24 July 2014 03:34, Kari Hurtta wrote: > OPTIONS http://some.host HTTP/1.1 Amos
Received on Monday, 28 July 2014 15:16:21 UTC