ORIGIN: reject origins on non-authoritative connection. #385

Closed
3 changes: 2 additions & 1 deletion draft-ietf-httpbis-origin-frame.md
Expand Up @@ -196,7 +196,8 @@ Note that for a connection to be considered authoritative for a given origin, th
required to obtain a certificate that passes suitable checks; see {{!RFC7540}}
Section 9.1.1 for more information. This includes verifying that the host matches a `dNSName` value
from the certificate `subjectAltName` field (using the wildcard rules defined in {{!RFC2818}}; see
also {{!RFC5280}} Section 4.2.1.6).
also {{!RFC5280}} Section 4.2.1.6). Clients MUST reject ORIGIN with an origin that does not pass those
checks by treating it as a connection error ({{!RFC7540}}, Section 5.4.1) of type PROTOCOL_ERROR.

Additionally, clients MAY avoid consulting DNS to establish the connection's authority for new
requests; however, those that do so face new risks, as explained in {{sc}}
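Review bot: The MUST added after "Section 4.2.1.6)." does not say what the unit of rejection is. "reject ORIGIN with an origin that does not pass those checks" can be read as dropping the one failing origin or as failing the whole frame, and "those checks" has no single antecedent, since the preceding sentences mention both the RFC7540 Section 9.1.1 certificate checks and the `dNSName` match against `subjectAltName`. Suggest naming the frame and the check explicitly, for example "a client that receives an ORIGIN frame containing an origin for which the connection's certificate does not pass the checks above MUST treat this as a connection error ...". It is also worth stating the consequence in the text: a connection error of type PROTOCOL_ERROR ends every stream on the connection, so a single listed origin that the certificate does not cover terminates requests to origins that are covered. If that fail-closed behaviour is intended, say so; if not, ignoring the failing origin would be the narrower requirement. Finally, the next paragraph lets clients skip DNS when establishing authority, which makes this certificate check the only remaining control for those clients, so a cross-reference to {{sc}} from the new sentence would help implementers see why it is a MUST.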