- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 7 Sep 2016 13:52:28 +1000
- To: Tom Bergan <tombergan@chromium.org>
- Cc: Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On 25 Aug 2016, at 3:12 AM, Tom Bergan <tombergan@chromium.org> wrote: > > On Tue, Aug 23, 2016 at 9:26 PM, Mark Nottingham <mnot@mnot.net> wrote: >> The interaction of Content Negotiation and Server Push isn't really specified. Depending on how it's implemented, it could be quite tricky, because it seemingly requires the server to guess what the client would have sent, in order to negotiate upon it. > > This sounds right to me. Though, if the server and client are well-behaved, the worst-case is wasted bandwidth, not an incorrect response: > - If the server pushes response with a non-empty Vary (or Key) field, it should make a guess for all headers mentioned in Vary (or Key) and include those guesses in the PUSH_PROMISE > - The client should is match pushed (request, response) pairs to client requests using the Vary (or Key) field in the usual way Right. One complicating factor is how closely current clients follow <http://httpwg.org/specs/rfc7234.html#caching.negotiated.responses>, versus using their own heuristics. >> Additionally, the server needs to know what the base capabilities and preferences of the client are, to allow it to select the appropriate responses to push. To aid this, servers SHOULD create a PUSH_PROMISE's request by copying the values of the request header fields mentioned in the `Vary` response header field from the request that is identified by the `PUSH_PROMISE` frame's Stream ID. > > For fields like Accept-Encoding and User-Agent, that's probably sufficient. But in general, it's not quite that simple -- e.g., what if the response has "Vary: Cookie", which can in theory change between requests? You make a similar observation when talking about how Client Hints might change between requests. Also see the discussion for "Rule #4" in this doc: > https://docs.google.com/document/d/1K0NykTXBbbbTlv60t5MyJvXjqKGsCVNYHyLEXIxYMv0 Don't push something with Vary: Cookie? :) Otherwise, the client is going to have to get into the business of checking a request to figure out "would I have sent that request?" Making that more complicated is the secondary question, "when?", because things like cookies can change quite quickly. Client Hints is a bit easier, because AIUI the response is still presumed to be usable by the client, even if the hints don't line up. >> I'd be tempted to go even further and say that PUSH_PROMISE headers SHOULD NOT contain `DNT`, `User-Agent`, `Cookie` or similar headers UNLESS they were specified in Vary. > > I'd agree with that. I would say that PUSH_PROMISE only needs to contain header fields that describe the cache key of the response (which includes :method, :scheme, :path, :authority, and any header field referenced by Vary or Key). > >> What do people think -- is this worth specifying? How are implementations currently doing this? > > Chrome is not doing anything (yet): > https://bugs.chromium.org/p/chromium/issues/detail?id=554220 > > I think most readers come to roughly the same conclusion when reading the RFC, but there is enough uncertainty that I think this is worth specifying in more detail. -- Mark Nottingham https://www.mnot.net/
Received on Wednesday, 7 September 2016 03:53:00 UTC