-
Notifications
You must be signed in to change notification settings - Fork 567
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alt-Svc header host restriction #492
Comments
Discussed in NYC; do it. |
Two questions:
|
Yes, IDNA restrictions apply equally (to bother or neither). The colon sucks, if you want a consistent grammar. (I suppose Host is an exception in that regard.) |
On 2014-06-10 01:32, Martin Thomson wrote:
We already require understanding of quoted-string when processing the Best regards, Julian |
Do we need to clarify whether IP addresses (IPv4 and/or IPv6) are or are not allowed? |
The intent is to allow exactly what's allowed in an HTTP Host header field, which includes IP addresses. See http://greenbytes.de/tech/webdav/rfc3986.html#host So yes, IPv6 addresses would require square brackets. And no, colons would not need any additional escaping. |
Still need to explain what checks need to be done when switching hosts; see http://lists.w3.org/Archives/Public/ietf-http-wg/2014AprJun/1232.html |
When we were originally working on Alt-Svc, Patrick and I put a restriction on the Alt-Svc header field so that it couldn’t redirect clients to a different host.
Since then, several people have pointed out that the requirement to have strong server authentication, as well as cache flushing, seems to contain the risk associated with doing this, and that the facility could be quite useful.
So, I’m suggesting we (re-) add the capability to the header.
The text was updated successfully, but these errors were encountered: