- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 1 Nov 2016 09:41:56 +1100
- To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
- Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP working group mailing list <ietf-http-wg@w3.org>
Hold on -- are we layering in a new requirement to use the absolute form of the URL? That's going to cause issues with a number of client and server side implementations that don't have control over or access to the precise form of the URL on the wire. It also violates a MUST in 7230, 5.3.1: """ When making a request directly to an origin server, other than a CONNECT or server-wide OPTIONS request (as detailed below), a client MUST send only the absolute path and query components of the target URI as the request-target. If the target URI's path component is empty, the client MUST send "/" as the path within the origin-form of request-target. """ Cheers, > On 31 Oct. 2016, at 4:32 pm, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote: > > | https://github.com/httpwg/http-extensions/pull/254 > | > | The main changes: > | > | - the .well-known resource is a flat list of origins > > ( no comment about that yet. ) > > | - the client only needs to acquire a .wk from the secured server > > Hmm. Reading it from original and from the secured server > gives little more verify that they really are giving same answers. > > | - the draft explicitly allows HTTP/1.1 > > https://github.com/httpwg/http-extensions/blob/967aa51e513e4a2eea39ce6b2a37789be05c9483/draft-ietf-httpbis-http2-encryption.md#using-http-uris-over-tls > > | Note that HTTP/1.1 requests MUST use the absolute form (see Section 5.3.2 of {{RFC7230}}). > > Yes, I suggested that. > > Example needs also to use absolute form here: > > https://github.com/httpwg/http-extensions/blob/967aa51e513e4a2eea39ce6b2a37789be05c9483/draft-ietf-httpbis-http2-encryption.md#alternative-server-opt-in-auth > > | GET /.well-known/http-opportunistic HTTP/1.1 > | Host: www.example.com > > > ( I think that I mentioned that example also. ) > > So it should be > > | GET http://www.example.com/.well-known/http-opportunistic HTTP/1.1 > | Host: www.example.com > > > ( Seems that "Host" header is required also when absolute form is used. > That I missed last time > https://lists.w3.org/Archives/Public/ietf-http-wg/2016OctDec/0097.html > ) > > / Kari Hurtta > > -- Mark Nottingham https://www.mnot.net/
Received on Monday, 31 October 2016 22:42:30 UTC