Associating Alt-Svc header with an origin

[mnot]

I think we need to be REALLY careful about making assertions about an origin in a response, given things like pretty-bad-proxy.

Section 3 says:

Alt-Svc MAY occur in any HTTP response message, regardless of the status code.

That's way too broad. For example, what if it's in response to a CONNECT -- will clients associate it with the origin?

I think the resolution of this will need to reference this:
http://httpwg.github.io/specs/rfc7231.html#identification

[mnot]

Discussed in HNL; editorial.

[mnot]

Suggest:

"Alt-Svc MUST be ignored in messages whose payloads are not the payload is known to be a representation of the resource identified by the effective request URI (see [RFC7231], Section 3.1.4.1)."

[martinthomson]

Suggestion does not parse.

[mnot]

2nd try:

"Alt-Svc MUST be ignored in messages whose payloads are not known to be a representation of the resource identified by the effective request URI (see [RFC7231], Section 3.1.4.1)."

[martinthomson]

Yeah, a little laboured, but fine.

[mnot]

Thinking about this a bit more, that's probably not a good match; it means that Alt-Svc has to be ignored on most POST responses, which is weird.

Perhaps we just need a caveat;

"Alt-Svc MAY occur in any HTTP response message, regardless of the status code. Note that recipients of Alt-Svc are free to ignore the header field (and indeed are require to in some situations; see [ref to 2.1])."

?

[reschke]

WFM.