W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: Fetch: HTTP authentication and CORS

From: Jonas Sicking <jonas@sicking.cc>
Date: Sat, 4 May 2013 22:39:46 -0700
Message-ID: <CA+c2ei9=7N5OD4BSVmuqoNr_8H0Bqvu38Js9zTQxZNwmPftdqw@mail.gmail.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Cc: WebApps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>
I really don't know which spec is defining how/when we reuse http
connections. All I know is that we have a pool of open TCP connections
that were used for previous http requests. We don't use that pool when
making credential-less CORS requests. We instead use a separate pool,
specifically for credential-less CORS requests.

Sorry I can't be more precise. I'm happy to point people to the
relevant code if needed.

/ Jonas

On Sat, May 4, 2013 at 3:58 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
> * Jonas Sicking wrote:
>>On May 4, 2013 1:29 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote:
>>> On Fri, May 3, 2013 at 7:00 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>>> > We also don't reuse keep-alive http connections.
>>> Are we talking about persistent connections as per
>>> http://tools.ietf.org/html/rfc2616#section-8.1 or the obsolete
>>> HTTP/1.0 feature?
>>In the sense of the keep-alive header. I'm not sure, but I think it was
>>defined in HTTP 1.1.
> It's extremely unlikely that the `Keep-Alive` header is special here.
> It rather seems to me you meant "We also don't reuse http connections."
> A HTTP connection has to be persistent, has to be kept alive, in order
> for it to be re-used, and how or why a connection is "kept alive" does,
> most probably, not affect whether Firefox will re-use it in your sense
> above. And no, HTTP/1.1 as defined in RFC 2616 does not use the `Keep-
> Alive` header.
> --
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Sunday, 5 May 2013 05:40:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:33 UTC