httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Champion <champio...@gmail.com>
Subject Re: 2.4 pause - mod_http2 patchset Upgrade h2c vs mod_ssl Upgrade tls
Date Mon, 07 Dec 2015 22:10:45 GMT
On 12/07/2015 11:55 AM, Jacob Champion wrote:
>  > - moving things to post read sounds tempting, however I'm not sure if
> we want to upgrade on non-authed request or not, for example. I am not
> sure what else we do in post read, maybe someone else has an opinion
> about that. It certainly looks nicer in the OPTIONS * case.
>
> WebSocket upgrades rely on authn headers and cookies; there is no (good)
> way after a connection has been established to say "well, I upgraded you
> but now I'm closing the connection because you weren't authorized." The
> check needs to be done before sending 101 (and otherwise a 401/403/4xx
> needs to be sent instead of the upgrade).

D'oh. My WebSocket rambling has nothing to do with anything you said -- 
I only just realized you were both talking about mod_ssl's hook 
implementations, not the general order of the hooks in the new Upgrade 
architecture...

Sorry for the noise.

--Jacob

Mime
View raw message