Re: [Proposal]: Set origin-wide policies via a manifest. from Ilya Grigorik on 2016-07-27 (public-webappsec@w3.org from July 2016)

From: Ilya Grigorik <ilya@igvita.com>
Date: Thu, 28 Jul 2016 00:55:18 +0200
To: Brad Hill <hillbrad@gmail.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>, Joel Weinberger <jww@google.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, "Mike O'Neill" <michael.oneill@baycloud.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKRe7JEpvHc38UF=vHt6Dmi8kM6M8kGCUebBrHV7=vDwwpHcUw@mail.gmail.com>

On Thu, Jul 28, 2016 at 12:43 AM, Brad Hill <hillbrad@gmail.com> wrote:

> 2) Another smart person at FB points out that the benefit of having the
> client send which version it is currently enforcing for the domain is that
> you can avoid having to do an H2 push for every request to avoid blocking.
> Seems like a big deal, so maybe the "cookie-like" semantics are a big win,
> after all.


Yep, big +1 to that.

Received on Wednesday, 27 July 2016 22:56:30 UTC