Well, I don’t understand why this won’t work for you. If you see tokens then you ask whether they were sent using TLS. If so, accept them; if not, reject them. I don’t see any value in knowing specifically the HTTPS was used as it’s no different then asking is TLS was used. So, Andreas and Brian, tell me what’s missing here?<br>
<br>
Andy<br>
<br>
From: Brian P Bockelman <br>
Sent: Tuesday, January 15, 2019 6:38 AM<br>
To: xrootd/xrootd <br>
Cc: Andrew Hanushevsky ; Comment <br>
Subject: Re: [xrootd/xrootd] XrdHttp: add the used protocol (https/http) as a special header i (#896)<br>
<br>
Yup, please do! This has been on my TODO list as I want to block the use of tokens over HTTP.<br>
<br>
—<br>
You are receiving this because you commented.<br>
Reply to this email directly, view it on GitHub, or mute the thread.<br>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/xrootd/xrootd/pull/896#issuecomment-454593972">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AD7Yjjxw8Ezqm01YGyrnQGqJt-ZuhGhfks5vDmaxgaJpZM4Z9xxQ">mute the thread</a>.<img src="https://github.com/notifications/beacon/AD7YjsnUEgVS4osdc3HQLH990bQHaMMWks5vDmaxgaJpZM4Z9xxQ.gif" height="1" width="1" alt="" /></p>
<!cript type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@abh3 in #896: Well, I don’t understand why this won’t work for you. If you see tokens then you ask whether they were sent using TLS. If so, accept them; if not, reject them. I don’t see any value in knowing specifically the HTTPS was used as it’s no different then asking is TLS was used. So, Andreas and Brian, tell me what’s missing here?\n\nAndy\n\nFrom: Brian P Bockelman \nSent: Tuesday, January 15, 2019 6:38 AM\nTo: xrootd/xrootd \nCc: Andrew Hanushevsky ; Comment \nSubject: Re: [xrootd/xrootd] XrdHttp: add the used protocol (https/http) as a special header i (#896)\n\nYup, please do! This has been on my TODO list as I want to block the use of tokens over HTTP.\n\n—\nYou are receiving this because you commented.\nReply to this email directly, view it on GitHub, or mute the thread.\n"}],"action":{"name":"View Pull Request","url":"https://github.com/xrootd/xrootd/pull/896#issuecomment-454593972"}}}</script>
<!cript type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/pull/896#issuecomment-454593972",
"url": "https://github.com/xrootd/xrootd/pull/896#issuecomment-454593972",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script><br>
<hr>
<p align="left">
Use REPLY-ALL to reply to list</p>
<p align="center">To unsubscribe from the XROOTD-DEV list, click the following link:<br>
<a href="https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1" target="_blank">https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1</a>
</p>