Re: Sec-Scheme request header?

On 13 April 2016 at 10:41, Patrick McManus <mcmanus@ducksong.com> wrote:
> I think we were discussing the general milieu of request routing complexity
> (421, coalescing, alt-svc, etc..).. and how the scheme was the one part of
> the origin that isn't always available to the final consumer of the request
> whether that is because it is h1 and not in the request at all, or whether
> it is because in h2 it is carried in a transport level colon header..


Mark suggested that all existing places that carry a scheme might end
up being eroded, by virtue of them being known to intermediaries and
stacks and the like.  For example, most server software gently
converts absolute URIs into a bare path (sometimes ignoring the
authority part, IIRC).

The Sec-Scheme idea was a way of getting an unequivocal signal from
the client to the code serving a resource without all that mess
getting in the way.

Why this wouldn't also be eroded in the same way is down to freshness.
Next time, we'll try Sec-NoIMeanIt-Scheme. </snark>

Received on Wednesday, 13 April 2016 13:53:44 UTC