ons 2012-03-14 klockan 16:13 +1300 skrev Amos Jeffries:
> We are asking an HTTP peer to Upgrade its hop. We have not sent
> acceptance to the client, and will relay the peers reject/accept. No
> violation there. We just loose control of a HTTP connection by trying is
> all.
You can only do this if you know the upgrade protocol token and that
it's safe to redirect the request in this manner. The Upgrade token sent
by the client is directed AT US, not our peers.
Examples of cases when it's not safe:
a) The upgraded protocol intends to use Kerberos authentication or any
other method where the client needs to know the endpoint.
b) A protocol upgrade that requires more than just tunneling to forward.
I.e. one that requires some kind of secondary channel to be established.
c) Any situation when the peer is the origin server. Esp when looking at
CONNECT.
Regards
Henrik
Received on Wed Mar 14 2012 - 07:05:14 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 14 2012 - 12:00:07 MDT