- From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
- Date: Fri, 7 Oct 2016 07:21:23 +0300 (EEST)
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: Mike Bishop <Michael.Bishop@microsoft.com>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Patrick McManus <mcmanus@ducksong.com>, HTTP working group mailing list <ietf-http-wg@w3.org>
Martin Thomson <martin.thomson@gmail.com>: (Thu Oct 6 03:35:09 2016) > """ > Before using a secure alternative for an http:// origin, a client MUST > first request /.well-known/http-opportunistic at that origin. If this > resource exists and a not-stale 2xx response is obtained, then > requests for the origin MAY be directed toward the secure alternative. > The contents of this resource do not matter. If multiple http:// > origins are coalesced onto the same connection to a secure > alternative, a client MUST obtain an http-opportunistic resource from > each origin separately. > """ Side note: I do not not like existing but empty resource test. I have seen some instructions (for load balancer) that how to convert http 404 to http 200 with empty page (or response). IMHO that conversion is very bad and stupid idea. Mike Bishop: | What if http://.../.w-k/h-o MUST exist (200) and | https:// .../.w-k/h-o MUST NOT exist (404)? If a client | checks both of those things, it has actually proven scheme | handling rather than just asked the server to | promise. Exists, is not empty and does not look like html -page. / Kari Hurtta
Received on Friday, 7 October 2016 04:22:07 UTC