- From: Mike West <mkwst@google.com>
- Date: Fri, 13 Mar 2015 07:35:54 +0100
- To: "Nottingham, Mark" <mnotting@akamai.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
Received on Friday, 13 March 2015 06:36:41 UTC
On Fri, Mar 13, 2015 at 5:48 AM, Nottingham, Mark <mnotting@akamai.com> wrote: > A) This is a horrible, horrible name. > It's "horrible horrible"? Not just "horrible"? In that case, we should change it! I'd suggest either: > > Prefer: redir2sec > > ... or creating another, even shorter request header altogether (they're > cheap). > `Prefer: https`? I really don't have strong opinions about how this should be spelled, as I think we're agreeing on the concept that lies behind the bits on the wire. > B) If the server is making decisions based upon the presence or absence of > this directive, it needs to either be a) uncacheable or b) listed in Vary. > This example you provided looks good to me, thanks! > (Note that Connection: keep-alive is *not* relevant in HTTP/1.1). > This is why it's good to have expert review. :) -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 13 March 2015 06:36:41 UTC