Issue by mnot
Wednesday Jun 04, 2014 at 16:11 GMT
Originally opened as httpwg/http2-spec#492
When we were originally working on Alt-Svc, Patrick and I put a restriction on the Alt-Svc header field so that it couldn’t redirect clients to a different host.
Since then, several people have pointed out that the requirement to have strong server authentication, as well as cache flushing, seems to contain the risk associated with doing this, and that the facility could be quite useful.
So, I’m suggesting we (re-)add the capability to the header.