Re: #144: Attacks from Same Host (OppSec)

OK, I've taken a stab at this here:
  https://github.com/httpwg/http-extensions/commit/c7324f4804f

Martin, I just left the HTTP-TLS stuff in for now; Martin, do you want to try to integrate it into the well-known stuff?

Cheers,


> On 3 Mar 2016, at 11:15 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 3 March 2016 at 10:18, Mark Nottingham <mnot@mnot.net> wrote:
>>> If the alternative is actually an alternative, the .well-known
>>> solution should produce files in both places.  So checking both won't
>>> just especially.
>> 
>> parse error
> 
> ...clucking autocorrect.  I mean to say that checking both won't hurt
> especially.  It might slow switchover times, but alt-svc was never
> going to fast because it doesn't need to be.
> 

--
Mark Nottingham   https://www.mnot.net/

Received on Tuesday, 8 March 2016 02:55:25 UTC