W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: Fetch: HTTP authentication and CORS

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Sun, 05 May 2013 00:58:59 +0200
To: Jonas Sicking <jonas@sicking.cc>
Cc: WebApps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <t14bo8hul5q6j89voc9u9c4c2rmcd9tspl@hive.bjoern.hoehrmann.de>
* Jonas Sicking wrote:
>On May 4, 2013 1:29 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote:
>> On Fri, May 3, 2013 at 7:00 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>> > We also don't reuse keep-alive http connections.
>>
>> Are we talking about persistent connections as per
>> http://tools.ietf.org/html/rfc2616#section-8.1 or the obsolete
>> HTTP/1.0 feature?
>
>In the sense of the keep-alive header. I'm not sure, but I think it was
>defined in HTTP 1.1.

It's extremely unlikely that the `Keep-Alive` header is special here.
It rather seems to me you meant "We also don't reuse http connections."
A HTTP connection has to be persistent, has to be kept alive, in order
for it to be re-used, and how or why a connection is "kept alive" does,
most probably, not affect whether Firefox will re-use it in your sense
above. And no, HTTP/1.1 as defined in RFC 2616 does not use the `Keep-
Alive` header.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Saturday, 4 May 2013 22:59:26 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC