Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01) from Eran Hammer-Lahav on 2009-02-11 (www-talk@w3.org from January to February 2009)

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Wed, 11 Feb 2009 12:55:25 -0700
To: Adam Barth <w3c@adambarth.com>
CC: "www-talk@w3.org" <www-talk@w3.org>
Message-ID: <C5B86D2D.1273A%eran@hueniverse.com>

I don't care of this level of pedantry which is why I don't want to use terms that people have a problem agreeing what it means.

There is nothing incorrect about: GET mailto:joe@example.com HTTP/1.1

It might look funny to most people but it is perfectly valid. The protocol is HTTP, the scheme is mailto. HTTP can talk about any URI, not just http URIs. Since this is about *how* /host-meta is obtained, it should talk about protocol, not scheme.

EHL

On 2/11/09 10:18 AM, "Adam Barth" <w3c@adambarth.com> wrote:

On Tue, Feb 10, 2009 at 11:37 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> First, scheme is incorrect here as the scheme does not always determine a specific protocol
> (see 'http' is not just for HTTP saga).

I don't understand this level of pedantry, but if you want host-meta
to be usable by Web browsers, you should use the algorithm in
draft-abarth-origin to compute its scope from its URL.  Any deviations
from this algorithm will introduce cracks in the browser's security
policy.

Adam

Received on Wednesday, 11 February 2009 19:56:14 UTC