Gil Pedersen

Streams issues impacting older streams implementations, that have issues with never versions of node, can sometimes be caused by the introduction and defaults of the `emitClose` and `autoDestroy` stream constructor...

h2c is super useful for debugging tricky protocol issues using Wireshark, etc.

I don't think that the linked use case is all that valid regarding this feature. I'd say this https://github.com/whatwg/fetch/issues/39#issuecomment-140908410 is much more applicable. Determining whether a resource comes from the...

Hmm... Given that the security concerns would be largely circumvented if the server allows the client to sends `If-Modified-Since`, `If-None-Match`, etc, it might be possible to use this to enable...

Example from nginx: http://nginx.org/en/docs/http/ngx_http_core_module.html#disable_symlinks It is quite expensive to check, as each path component will need a stat lookup. Additionally, a safe implementation of such an option will require `openat()`...

`fs.realpath` can be used to implement the feature, but not in a safe way. Since it operates on the path, there will always be a window of opportunity where it...

Unfortunately the `must-revalidate` parameter [is currently hardcoded in hapi](https://github.com/hapijs/hapi/blob/dc2213c880f16ff6853eccc684782ec888326475/lib/headers.js#L27), and inert cannot change this. It would be nice if hapi had an option to customise this and add other parameters...

I am not a fan of this feature, but this is mainly a performance / implementation complexity concern. The mentioned use-case already has a high-performing solution, so I would be...

Given that the options passed to `h.directory` are probably quite static, the above issue could be fixed by exposing a method to prevalidate them, and allow (or require) the options...

I would consider the automatic remote code execution to be a security issue. One that is all too easy to maliciously exploit through typo-squatting.