http-extensions
http-extensions copied to clipboard
httpwg
HTTP Extensions in progress
RFC 6265 says > let the expiry-time be the current date and time plus delta-seconds seconds Another, more recent, HTTP header with a "max-age" field is Alt-Svc: in RFC 7838....
An Alternative Service is bound to a location for a specified period of time; with the header filed, the `ma` parameter. That works reasonably well when the alternative service is...
@LPardue suggests that the effect and risk of fallback from a failed alternative should be discussed in the Security Considerations. https://www.rfc-editor.org/errata/eid6481
Would it make sense/be possible to take the port into account as well for "schemeful-cookies" (making them same-origin cookies)? For `http:` `localhost`-bound applications, the ability to scope the cookies per...
Per @chlily1's comment in https://github.com/httpwg/http-extensions/issues/1210#issuecomment-893891032, it'd be worth updating the 'Storage Model' section to add restrictions on `cookie-name`, `cookie-value`, and the attribute values to account for characters that would break...
In #1691 we are discussing the use of ORIGIN and it appears that there are some differences in how Alt-Svc is implemented when it comes to coalescing. If you think...
We should find space to discuss the implications of ORIGIN as it relates to Alt-Svc usage. Basic idea: an alternative service fails for an origin if ORIGIN frames are received...
@LPardue cites the following text: > Furthermore, if the connection to the alternative service fails or is unresponsive, the client MAY fall back to using the origin or another alternative...
The SVCB draft integrates a bunch of text on ECH. We should consider whether there are any changes that we would like to make to alternative services. It is probably...