- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sat, 27 Jul 2024 10:18:34 +0200
- To: ietf-http-wg@w3.org
On 26.07.2024 00:27, Josh Cohen wrote: > On the httpwg agenda at IETF 120 were a proposal for a new QUERY method > and Braid, which has subscription functionality that overloads the GET > method. > > What I am curious about is if, at this point in the evolution of the > web, it is now safe to add new methods for new functionality. I've been > reading up on HTTP/2/3 and it seems that nowadays, connections are > end-to-end secure and are essentially tunneled through middle boxes, > including HTTP/1.1 proxies. I'm still just wrapping my head around > MASQUE, but it looks like it can handle arbitrary methods. Similarly > origin servers have evolved to support arbitrary methods. It always has been "safe", when https was used. > ... > In the Braid internet draft[3], section 2.5 states: > > > If the request contains a Subscribe header, then it SHOULD > additionally leave the request open and subscribe the client to > future updates. Otherwise, it should close the connection after > sending the updates. > > That imposes semantics at the connection level which are different from > the norm. In HTTP/1.1, the Connection header specifies whether to keep > the connection open. In HTTP/2/3, the Connection header is prohibited. > ... That sounds really problematic; method definitions can not override connection semantics. Best regards, Julian
Received on Saturday, 27 July 2024 08:18:40 UTC