Return-Path: X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EEFE127077 for ; Tue, 23 Aug 2016 22:23:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.469 X-Spam-Level: X-Spam-Status: No, score=-7.469 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.548, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NDvvcq_Zx5bZ for ; Tue, 23 Aug 2016 22:23:47 -0700 (PDT) Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06D0B128E19 for ; Tue, 23 Aug 2016 22:23:47 -0700 (PDT) Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from ) id 1bcPmR-0003Zb-SF for ietf-http-wg-dist@listhub.w3.org; Wed, 24 Aug 2016 04:27:11 +0000 Resent-Date: Wed, 24 Aug 2016 04:27:11 +0000 Resent-Message-Id: Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1bcPmC-0003Xl-9P for ietf-http-wg@listhub.w3.org; Wed, 24 Aug 2016 04:26:56 +0000 Received: from mxout-07.mxes.net ([216.86.168.182]) by maggie.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1bcPmA-0006Rj-Eb for ietf-http-wg@w3.org; Wed, 24 Aug 2016 04:26:55 +0000 Received: from [192.168.3.104] (unknown [124.189.98.244]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 00AF522E1FA for ; Wed, 24 Aug 2016 00:26:32 -0400 (EDT) From: Mark Nottingham Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: Date: Wed, 24 Aug 2016 14:26:31 +1000 To: HTTP Working Group Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) X-Mailer: Apple Mail (2.3124) Received-SPF: pass client-ip=216.86.168.182; envelope-from=mnot@mnot.net; helo=mxout-07.mxes.net X-W3C-Hub-Spam-Status: No, score=-8.3 X-W3C-Hub-Spam-Report: AWL=1.351, BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1 X-W3C-Scan-Sig: maggie.w3.org 1bcPmA-0006Rj-Eb f067172a2cb2edd871599312833706d8 X-Original-To: ietf-http-wg@w3.org Subject: Server Push and Content Negotiation Archived-At: Resent-From: ietf-http-wg@w3.org X-Mailing-List: archive/latest/32338 X-Loop: ietf-http-wg@w3.org Resent-Sender: ietf-http-wg-request@w3.org Precedence: list List-Id: List-Help: List-Post: List-Unsubscribe: The interaction of Content Negotiation and Server Push isn't really = specified. Depending on how it's implemented, it could be quite tricky, = because it seemingly requires the server to guess what the client would = have sent, in order to negotiate upon it. However, it becomes much simpler if we assume that the client SHOULD NOT = check a `PUSH_PROMISE` request's headers to see whether or not it would = have sent that request. This means, for example, that if you `PUSH_PROMISE` the "wrong" = `User-Agent`, `Accept-Encoding`, `User-Agent` or even `Cookie` header = field, the client SHOULD still use the pushed response; all they're = looking for is a matching request method and URL. However, this does imply a few things: * The pushed request and response MUST still "agree"; i.e., if you're = using gzip encoding, `Accept-Encoding` and `Content-Encoding` should be = pushed with appropriate values. * The pushed response MUST have an appropriate `Vary` header field, if = it is cacheable. This is so that the cache operates properly. Additionally, the server needs to know what the base capabilities and = preferences of the client are, to allow it to select the appropriate = responses to push. To aid this, servers SHOULD create a PUSH_PROMISE's = request by copying the values of the request header fields mentioned in = the `Vary` response header field from the request that is identified by = the `PUSH_PROMISE` frame's Stream ID. So, for example, if the first request for a page had the following = headers: ~~~ :method: GET :scheme: https :authority: www.example.com :path: / User-Agent: FooAgent/1.0 Accept-Encoding: gzip, br Accept-Language: en, fr Accept: text/html,s application/example, image/* Cookie: abc=3D123 ~~~ and the server wishes to push these response headers for `/style.css`: ~~~ :status: 200 Content-Type: text/css Cache-Control: max-age=3D3600 Content-Encoding: gzip Vary: Accept-Encoding ~~~ then it should use these headers for the `PUSH_PROMISE`: ~~~ :method: GET :scheme: https :authority: www.example.com :path: /style.css Accept-Encoding: gzip, br ~~~ This approach has its limits. For example, use of Client Hints might not = be practical with server push (since in some circumstances, hints might = change between the base page request and the request for what's been = pushed). I'd be tempted to go even further and say that PUSH_PROMISE headers = SHOULD NOT contain `DNT`, `User-Agent`, `Cookie` or similar headers = UNLESS they were specified in Vary. What do people think -- is this worth specifying? How are = implementations currently doing this?=20 -- Mark Nottingham https://www.mnot.net/