On 2/8/22 7:10 PM, Roy T. Fielding wrote:
> As noted in
>
> https://github.com/icing/mod_h2/issues/230#issuecomment-1032905432
>
> This doesn't look right to me. I think what you want is to verify that https
> is
> in a secured connection. This should have no effect on other schemes, and
> certainly not require all schemes to be http or https.
>
> Literally, the scheme is a naming system, not a protocol. "http" and "https"
> and "foo" schemes can be resolved by any protocol that performs requests
> on an absolute URI, including HTTP/2. "https" only requires the connection
> to be secured end-to-end.
With respect to our HTTP/1 handling r1895921
http://svn.apache.org/viewvc?view=revision&revision=1895921 added
a check that the scheme for non forward proxied requests either needs to be
http or https, but we don't check
for a matching with the actual connection whether this is secured or not.
Regards
RĂ¼diger