Re: Server Push and Content Negotiation

[sorry for the dup post, used the wrong email]

On Wed, Aug 24, 2016 at 7:36 AM, Patrick McManus <>
> Or this all might be another argument about the excessive complexity of
> push - maybe that should be a document :)


On Tue, Aug 23, 2016 at 9:26 PM, Mark Nottingham <> wrote:

> The interaction of Content Negotiation and Server Push isn't really
> specified. Depending on how it's implemented, it could be quite tricky,
> because it seemingly requires the server to guess what the client would
> have sent, in order to negotiate upon it.

This sounds right to me. Though, if the server and client are well-behaved,
the worst-case is wasted bandwidth, not an incorrect response:
- If the server pushes response with a non-empty Vary (or Key) field, it
should make a guess for all headers mentioned in Vary (or Key) and include
those guesses in the PUSH_PROMISE
- The client should is match pushed (request, response) pairs to client
requests using the Vary (or Key) field in the usual way

Additionally, the server needs to know what the base capabilities and
> preferences of the client are, to allow it to select the appropriate
> responses to push. To aid this, servers SHOULD create a PUSH_PROMISE's
> request by copying the values of the request header fields mentioned in the
> `Vary` response header field from the request that is identified by the
> `PUSH_PROMISE` frame's Stream ID.

For fields like Accept-Encoding and User-Agent, that's probably sufficient.
But in general, it's not quite that simple -- e.g., what if the response
has "Vary: Cookie", which can in theory change between requests? You make a
similar observation when talking about how Client Hints might change
between requests. Also see the discussion for "Rule #4" in this doc:

I'd be tempted to go even further and say that PUSH_PROMISE headers SHOULD
> NOT contain `DNT`, `User-Agent`, `Cookie` or similar headers UNLESS they
> were specified in Vary.

I'd agree with that. I would say that PUSH_PROMISE only needs to contain
header fields that describe the cache key of the response (which includes
:method, :scheme, :path, :authority, and any header field referenced by
Vary or Key).

> What do people think -- is this worth specifying? How are implementations
> currently doing this?

Chrome is not doing anything (yet):

I think most readers come to roughly the same conclusion when reading the
RFC, but there is enough uncertainty that I think this is worth specifying
in more detail.

Received on Wednesday, 24 August 2016 17:12:44 UTC