On Mon, May 8, 2017 at 3:16 PM, Patrick McManus <[email protected]> wrote:
> On Mon, May 8, 2017 at 8:55 AM, Anne van Kesteren <[email protected]> wrote:
>> Okay, so instead of failing the connection you fail just the request.
>> Are you also saying that only HTTP/1 can have authenticated
>> connections at this point?
>
> I am saying fail the request. The disposition of the connection is a
> protocol detail depending on the auth details. It seems for TLS-client-auth
> you would need to fail the connection because the http bits are stalled mid
> flight, but for something like NTLM you have a clean resolution to the auth
> trigger (it came back with a 401 that we're not going to act on) and the
> connection could still be used for other requests.
>
> wrt h1 - yes, I believe right now the only client-authenticated connections
> are in h1.

So a simple change would be to just start reusing HTTP/2 connections and leave HTTP/1 alone, but more aggressive seems acceptable too, if everyone can agree on failing the request for NTLM and failing the connection for TLS-client-auth. Would the appropriate next step be a bug against Gecko?

The request retry issue is probably best further discussed here: https://github.com/whatwg/fetch/issues/538 (thanks Eric!).

As for the HTTP/2 push concerns, there's quite a bit of debate here: https://github.com/whatwg/fetch/issues/354, including feedback from sleevi, mt, and mnot. If you could add your perspective there, that would help, I think.

Anything else?

--
https://annevankesteren.nl/
