http-extensions
http-extensions copied to clipboard
httpwg
HTTP Extensions in progress
- updates refs into HTTP specs - updates refs into 6962bis (as per https://www.ietf.org/rfcdiff?url1=draft-ietf-trans-rfc6962-bis-42.txt&url2=draft-ietf-trans-rfc6962-bis-30.txt) - this needs review
## I expect - [ ] to obsolete the IANA Digest Algorithms Registry or define another registry - [ ] it can stay as historical ~identify whether and how it...
[RFC 7838](https://datatracker.ietf.org/doc/html/rfc7838#section-2) defines alternate services in terms of ALPN tokens. However, when the client ends up actually using an alternate service, it needs not only the ALPN, but more importantly...
See https://github.com/w3c/preload/issues/114. It seems like Early Hints could potentially violate policies. Or perhaps 1xx responses need to be recommended to also include CSP policies?
> In some cases, the server may choose to respond indirectly to the QUERY request by returning a 3xx Redirection with a Location header field specifying an alternate Request URI...
First, apologies if this is not the right venue for this comment. I'd like to suggest an enhancement to [draft-ietf-httpbis-safe-method-w-body-02](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-safe-method-w-body-02). I work on the [HL7 FHIR](http://hl7.org/fhir/) standard, which is a...
Right now, the spec says: > The "Accept-Query" response header field MAY be used by a server to directly signal support for the QUERY method while identifying the specific query...
If the user agent is configured to reject "public suffixes", cookies with a `Domain` attribute should be [processed](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-07#page-28) according to the Public Suffix List (PSL), which may change frequently. The...
It would be good to have examples that use a well-defined query language incl media type, and a well-defined response media type.
David Slik (https://lists.w3.org/Archives/Public/ietf-http-wg/2022JanMar/0081.html): > Moving query parameters from the request URI to the request body improves overall security, given that the request URI is often cached, stored, logged and otherwise...