Associating Alt-Svc header with an origin #21
I think we need to be REALLY careful about making assertions about an origin in a response, given things like pretty-bad-proxy.
Section 3 says:
That's way too broad. For example, what if it's in response to a CONNECT -- will clients associate it with the origin?
I think the resolution of this will need to reference this:
Thinking about this a bit more, that's probably not a good match; it means that Alt-Svc has to be ignored on most POST responses, which is weird.
Perhaps we just need a caveat;
"Alt-Svc MAY occur in any HTTP response message, regardless of the status code. Note that recipients of Alt-Svc are free to ignore the header field (and indeed are require to in some situations; see [ref to 2.1])."