On Tue, Jun 30, 2015 at 4:26 PM, Richard Barnes <rbarnes@mozilla.com> wrote:
>
> If you happen to have a pointer handy, I would be interested to take a
> look at the history here.
>
https://github.com/w3c/webappsec/issues/216
> It does seem like Supported is different from Prefer. It's more like
> Accept -- it's OK if you send me content that depends on $FEATURE.
>
I'll defer to people who know things about caching, but it seems like it
would end up in the same bucket as `Prefer` if it's possible to have more
than one supported value.
> Still, this is a totally reasonable direction to move in. If we're fine
>> with the length, then why not `upgrade-insecure-requests: Totally
>> supported! Gimmie that HTTPS, please.`
>>
>
> Adding header bloat to HTTP/1.1 seems like a feature, not a bug :)
>
I am totally going to use exactly this claim if/when I ever get around to
rekindling the origin cookie discussion, where I'm pretty sure you argued
exactly the opposite. :)
> For h2 users, there should be no need to use this thing
>
Why not? I suspect mixed content will still exist for folks who migrate to
HTTP/2.
-mike