RE: [Proposal]: Set origin-wide policies via a manifest.

• From: Mike O'Neill <michael.oneill@baycloud.com>
• Date: Thu, 28 Jul 2016 16:30:10 +0100
• To: "'Anne van Kesteren'" <annevk@annevk.nl>
• Cc: "'Mike West'" <mkwst@google.com>, "'Brad Hill'" <hillbrad@gmail.com>, "'Patrick Toomey'" <patrick.toomey@github.com>, "'Joel Weinberger'" <jww@google.com>, "'Devdatta Akhawe'" <dev.akhawe@gmail.com>, "'WebAppSec WG'" <public-webappsec@w3.org>
• Message-ID: <3ec801d1e8e4$ede991f0$c9bcb5d0$@baycloud.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, but how common would that be and why couldn’t the server get the info it needs by encoding it (with the port etc.) in a cookie?

- -----Original Message-----
From: Anne van Kesteren [mailto:annevk@annevk.nl] 
Sent: 28 July 2016 16:18
To: Mike O'Neill <michael.oneill@baycloud.com>
Cc: Mike West <mkwst@google.com>; Brad Hill <hillbrad@gmail.com>; Patrick Toomey <patrick.toomey@github.com>; Joel Weinberger <jww@google.com>; Devdatta Akhawe <dev.akhawe@gmail.com>; WebAppSec WG <public-webappsec@w3.org>
Subject: Re: [Proposal]: Set origin-wide policies via a manifest.

On Thu, Jul 28, 2016 at 5:13 PM, Mike O'Neill
<michael.oneill@baycloud.com> wrote:
> When is it necessary to send anything other than 1?

When you want to prevent the server from sending it to you using H2
push without having to send an additional cancel stream. You
acknowledged that scenario earlier in this thread...


- -- 
https://annevankesteren.nl/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using gpg4o v3.5.54.6734 - http://www.gpg4o.com/
Charset: utf-8

iQIcBAEBAgAGBQJXmiUBAAoJEOX5SQClVeMPAZQQAJc4yfJZ00SAu1Q36lBAWrVk
0dIVKplBO7SbWXom4AM74khZRLUYC5BwfGPy8uK++T52nbjyzhNpHF+1hFH3l4aO
J62TqTl5ljm8zFQ4SoYhJ+PMfKOfUCUQNIZgc7lOHm8CcBP7hyCPB0CvOECyuGVu
PVyLpj8OlpfOUdffobwkWXZ/jGWsDakpIUQdSF7kP495hAfyEc4YOXwCoz6y2SFk
dvCSzrpdZeMFHcZGtGB1Kru56soKc/a3c0jbQo3IhJXK3NwGYIxaBMfvLooFFaUe
v2ZiJ0j6MbiZkQtLEcR8bJOh5RiMY+sv324qFyfbMFAz9QBc9l8Aei5yYA4SAiCu
XvrFRhiYfdXYqcHDtLgvfC2GNEVknJWoHbnSIvAcrcSm4mqeBddMAJR1PzNveK4c
FivEi8nEdLlFWWJ2YddPFJaGnOthCHKaGW4AT1DCAIjbvaidpRoZhuVzj3OO8TW1
UN/mG8TDjF9QCMdwUpjVsvjNWZkk11cJ8GMrrCMrcGmk4qq+t7WPi5LDvrZuAaFr
KQ6OXPk4rlvpJh3YYeeZapIEXorRqU9t2y06oOh9nLUCg4Qqv7lZPT6xFQoyJjNf
hbzRFltmQnzDE7FNdWoJn05Edsst1yRj4CDr5CuCb6qKhxRYVW9STwD5zAd7uMdi
9ImJcQuWQCBieUq+BMrU
=pwCd
-----END PGP SIGNATURE-----

Received on Thursday, 28 July 2016 15:30:46 UTC