On Dec 7, 2015 8:43 AM, "William A Rowe Jr" <[email protected]> wrote: > > https://tools.ietf.org/html/rfc7230#section-6.7 makes things more interesting, it calls out that 101-continue and the request body read precedes the 101-switching protocols. Not sure who decided that would be a good idea, sigh...
100-continue can't be after the switch; the new protocol may not have any idea what continue semantics are. Similarly, the request body sent is still part of an HTTP/1.1 request and should be processed as such. > but mod_ssl TLS upgrade has these reversed for several good reasons including the intent to encrypt the request body if present and simple economics of processing. Did you mean "decrypt the request body"? The client needs to send its request body in plaintext since servers are free to completely ignore the Upgrade, right? My reading of the specs is that an Upgrade request is still a self-contained HTTP/1.1 request, body included. Sorry if I've misunderstood your wording. --Jacob
