- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 26 Sep 2017 09:59:15 +1000
- To: Mike Bishop <Michael.Bishop@microsoft.com>
- Cc: Bence Béky <bnc@chromium.org>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>, mnot <mnot@mnot.net>, Erik Nygren <erik@nygren.org>

On Tue, Sep 26, 2017 at 9:50 AM, Mike Bishop <Michael.Bishop@microsoft.com> wrote:

> I'm suggesting that you don't close ORIGIN-using connections if they appear to be proper subsets of non-ORIGIN-using connections.

Ah. Sure. It's a stronger signal, so I agree. If you connect to api.example.com and get ORIGIN, the fact that your connection to www.example.com has a wildcard for *.example.com shouldn't cause you to drop a perfectly good connection.

That is something we should write down, maybe with a SHOULD on it. I was more concerned about what you do with a non-ORIGIN-using connection here (which might only be a transient state).

I think that we should also write down that ORIGIN SHOULD be sent before any responses and that once responses have been received, the client MAY assume that the server doesn't support ORIGIN.

Is that a fair assessment of where we are at?

Received on Monday, 25 September 2017 23:59:38 UTC