Should cookie values be URL encoded?

Yes. While it’s not required per the spec, the following is mentioned in RFC6265 (emphasis is in the original document, not added): “To maximize compatibility with user agents, servers that wish to store arbitrary data in a cookie-value SHOULD encode that data, for example, using Base64 [RFC4648].” In my experience, most web frameworks and libraries …

Avoid caching of the HTTP responses

Server-side cache control headers should look like:

    Expires: Tue, 03 Jul 2001 06:00:00 GMT
    Last-Modified: {now} GMT
    Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate

Avoid rewriting URLs on the client because it pollutes caches, and causes other weird semantic issues. Furthermore: Use one Cache-Control header (see RFC 2616) because behaviour with multiple entries is undefined. Also the …

How to read client IP addresses from HTTP requests behind Kubernetes services?

As of 1.5, if you are running in GCE (by extension GKE) or AWS, you simply need to add an annotation to your Service to make HTTP source preservation work.

    …
    kind: Service
    metadata:
      annotations:
        service.beta.kubernetes.io/external-traffic: OnlyLocal
    …

It basically exposes the service directly via nodeports instead of providing a proxy–by exposing a health probe …

Can an HTTP server detect that a client has cancelled their request?

While @Oded is correct that HTTP is stateless between requests, app servers can indeed detect when the underlying TCP/IP connection has broken for the request being processed. Why is this? Because TCP is a stateful protocol for reliable connections. A common technique for .Net web apps processing a resource intensive request is to check Response.IsClientConnected …

How to make XMLHttpRequest cross-domain withCredentials, HTTP Authorization (CORS)?

I’ve written an article with a complete CORS setup. I found several issues that can result in this problem: The Access-Control-Allow-Origin cannot be a wildcard if credentials are being used. It’s easiest just to copy the Origin header of the request to this field. It’s entirely unclear why the standard would disallow a wildcard. Firefox …

HTTPS Proxy Server in node.js

Solutions barely exist for this, and the documentation is poor at best for supporting both on one server. The trick here is to understand that client proxy configurations may send https requests to an http proxy server. This is true for Firefox if you specify an HTTP proxy and then check “same for all protocols”. …