Re: 103 (Early Hints) vs. response headers
Willy Tarreau <w@1wt.eu> Thu, 16 March 2017 14:36 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB6E1129492 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 16 Mar 2017 07:36:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RR2bJX1iT6og for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 16 Mar 2017 07:36:19 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C7EB129519 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 16 Mar 2017 07:36:18 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1coWSB-0002XK-My for ietf-http-wg-dist@listhub.w3.org; Thu, 16 Mar 2017 14:32:35 +0000
Resent-Date: Thu, 16 Mar 2017 14:32:35 +0000
Resent-Message-Id: <E1coWSB-0002XK-My@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <w@1wt.eu>) id 1coWS6-0002WR-IL for ietf-http-wg@listhub.w3.org; Thu, 16 Mar 2017 14:32:30 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by mimas.w3.org with esmtp (Exim 4.84_2) (envelope-from <w@1wt.eu>) id 1coWS0-0002D1-D5 for ietf-http-wg@w3.org; Thu, 16 Mar 2017 14:32:25 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id v2GEVwBi015710; Thu, 16 Mar 2017 15:31:58 +0100
Date: Thu, 16 Mar 2017 15:31:58 +0100
From: Willy Tarreau <w@1wt.eu>
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Mark Nottingham <mnot@mnot.net>, Vasiliy Faronov <vfaronov@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20170316143158.GB15641@1wt.eu>
References: <CALHHdhwQBfBN0Xz-4kxRJrJekiCLnro1i-MVw954wTRyOWAtvw@mail.gmail.com> <E10BB6E0-3BD8-44EC-AE18-076D38077371@mnot.net> <CANatvzxS7Z9U5Jr2N_EeyY5NUrZ-weuGsetuUQdLWGGOQKVLNw@mail.gmail.com> <20170315062242.GB13814@1wt.eu> <CANatvzyeYxHFDDh-Hms6V0gJ+MkgW6v78uLj9bieR_nAaOfPHw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CANatvzyeYxHFDDh-Hms6V0gJ+MkgW6v78uLj9bieR_nAaOfPHw@mail.gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-7.0
X-W3C-Hub-Spam-Report: AWL=0.943, BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1coWS0-0002D1-D5 dee1df35c7d023f532ac301a8f11e768
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 103 (Early Hints) vs. response headers
Archived-At: <http://www.w3.org/mid/20170316143158.GB15641@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33741
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi Kazuho, On Thu, Mar 16, 2017 at 10:55:31PM +0900, Kazuho Oku wrote: > >> So to me it seems that if we state in Early Hints that the headers of > >> a 103 response is ones that are applied (speculatively) to the final > >> response but not the informational response itself, then we'd be > >> overriding RFC 6265. > > > > I'm not seeing it this way. In fact you may decide to put some headers > > there for this exact reason : while 1xx MAY be ignored, those implementing > > 103 MAY/WILL consider them. And you're sending 103 hoping that someone > > will make good use of it, not as a guarantee, so I don't think it > > contradicts 6265. > > While I would not say that RFC 6265 and Early Hints would contradict, > I still think that the requirement of how a Set-Cookie header _can_ be > handled is narrowed by Early Hints. Consider the response below. > > HTTP/1.1 103 Early Hints > Set-Cookie: a=b > > HTTP/1.1 200 OK > Content-Type: text/plain; charset=utf-8 > Content-Length: 12 > > Hello world > > RFC 6265 allows the client to store cookie `a` by stating that a > client MAY accept a Set-Cookie header within any 100-level response. > > If we are to state in Early Hints that the headers of a 103 response > are to be applied (speculatively) to the final response but not to the > informational response itself, we would effectively be forbidding such > behavior for clients that implements 103. > > In other words, a client that _do_ recognize a Set-Cookie header in > 100-level responses (it is a MAY in RFC 7230 section 6.2) would need > to special-case the handling of 103. From server-side perspective, it > would continue to be unable to expect whether if the client would > accept or ignore the set-cookie header in a 103 response since there > is no negotiation for Early Hints. > > To me this seems like a variation of what was pointed out by Vasiliy > (by using the Warnings header). Hmmm I see, indeed you can end up in an unknown state there. But maybe once properly documented it can be turned to a benefit for improved deployment. Let's consider this for example : HTTP/1.1 103 Early Hints Set-Cookie: cookie_support_on_103=yes HTTP/1.1 200 OK Content-Type: text/plain; charset=utf-8 Set-Cookie: this_is_a_regular=application_cookie Content-Length: 12 Hello world The server can detect in a subsequent request whether or not the path is clean. And by registering a standard cookie name for this use case we could even end up with the first request sending the information regarding this support from the browser based on the learning from a previous call without ever conflicting with application cookies, meaning that on subsequent calls the server may decide to pass much more info on the 103 response. Of course the cookie name and value would have to be much shorter than in the example above :-) Willy
- 103 (Early Hints) vs. response headers Vasiliy Faronov
- Re: 103 (Early Hints) vs. response headers Mark Nottingham
- Re: 103 (Early Hints) vs. response headers Kazuho Oku
- Re: 103 (Early Hints) vs. response headers Vasiliy Faronov
- Re: 103 (Early Hints) vs. response headers Kazuho Oku
- Re: 103 (Early Hints) vs. response headers Kazuho Oku
- Re: 103 (Early Hints) vs. response headers Willy Tarreau
- Re: 103 (Early Hints) vs. response headers Kazuho Oku
- Re: 103 (Early Hints) vs. response headers Willy Tarreau
- Re: 103 (Early Hints) vs. response headers Kazuho Oku
- Re: 103 (Early Hints) vs. response headers Stefan Eissing
- Re: 103 (Early Hints) vs. response headers Mark Nottingham
- Re: 103 (Early Hints) vs. response headers Kazuho Oku
- Re: 103 (Early Hints) vs. response headers Kazuho Oku
- Re: 103 (Early Hints) vs. response headers Stefan Eissing