#73: Alt-Svc Elevation of Privilege


This issue asks if allowing a header to advertise an alternative on another port (but still on the same host) is adequate, since in some shared hosting environments, users will have the ability to add response headers, as well as listen on other ports.

Erik has suggested in the issue that it might be helpful to limit these to privileged ports — i.e., those lower than 1024. I'm assuming such a restriction would be in place if the origin port were also privileged. 

What do people think?

Mark Nottingham   https://www.mnot.net/

Received on Monday, 8 June 2015 01:46:33 UTC
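
The port restriction discussed in the message above, written as a client-side filter. This is an added example, not part of the original message or of any specification text. The function names and the sample header values are constructed for illustration, and the field value is assumed to use the `protocol="host:port"` form. The check looks only at ports and says nothing about how the alternative host is authenticated.

```python
import re

PRIVILEGED_MAX = 1023  # "privileged" in the message means ports lower than 1024

# One advertised alternative: protocol-id="[host]:port" (parameters such as ma= are ignored)
_ALT = re.compile(r'\s*([^\s=",;]+)="([^"]*):(\d+)"')


def parse_alt_svc(value):
    """Return [(protocol, host, port)] from an Alt-Svc field value.

    An empty host means "same host as the origin".
    """
    if value.strip() == "clear":
        return []
    alternatives = []
    for part in value.split(","):
        m = _ALT.match(part)
        if not m:
            continue  # malformed entry: ignore it rather than guess
        port = int(m.group(3))
        if 1 <= port <= 65535:
            alternatives.append((m.group(1), m.group(2), port))
    return alternatives


def filter_alternatives(origin_port, header_value):
    """Split alternatives into (accepted, rejected) under the proposed rule.

    Rule: if the origin port is privileged, an alternative on an unprivileged
    port is rejected, because a tenant who can add response headers and bind
    a high port could otherwise redirect traffic for the origin to itself.
    """
    accepted, rejected = [], []
    for alt in parse_alt_svc(header_value):
        moves_to_unprivileged = origin_port <= PRIVILEGED_MAX < alt[2]
        (rejected if moves_to_unprivileged else accepted).append(alt)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed header as a shared-hosting tenant might set it
    sample = 'h2=":8443"; ma=3600, h2=":444", h2="alt.example.com:443"'
    ok, dropped = filter_alternatives(443, sample)
    print("accepted:", ok)
    print("rejected:", dropped)
```

When the origin itself is on an unprivileged port, the filter accepts every well-formed alternative, matching the assumption in the message that the restriction applies when the origin port is privileged.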