Re: Fwd: draft-richsalz-httpbis-https-downgrade-00.txt

On 13/03/19 12:44 am, Alessandro Ghedini wrote:
> Hello,
> On Mon, Mar 11, 2019 at 10:52:55PM -0400, Erik Nygren wrote:
> 3. "Protocol-To-Origin: cleartext" header: this makes sense I think. I imagine
>    browsers are unlikely to add a special error for this, so it would end-up
>    being treated like plaintext HTTP requests, which might encourage people to
>    try to fix this. Are there other clients that could use this?
>    But to be able to do this the header should be standardized. Is a BCP
>    enough for this? Until there's an actual standard header, it doesn't seem
>    like it would be possible to implement.

We already have the Forwarded header defined for this use.

CDN's typically erase such headers to hide their internal structures.
Making yet another header to expose the details will not change that
behaviour, only conflate the set of rarely used headers.


Received on Tuesday, 12 March 2019 16:06:52 UTC