diff options
Diffstat (limited to 'docs/ROADMAP.md')
-rw-r--r-- | docs/ROADMAP.md | 41 |
1 files changed, 14 insertions, 27 deletions
diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md index eb52d187..d664403c 100644 --- a/docs/ROADMAP.md +++ b/docs/ROADMAP.md @@ -18,31 +18,18 @@ HTTP/2 To decide: if we need to bundle parts of the nghttp2 stuff that probably won't be shipped by many distros. -- stream properties API +HTTP cookies +------------ - Provide options for setting priorities and dependencies among the streams - (easy handles). They are mostly information set for the stream and sent to - the server so we don't have to add much logic for this. +Two cookie drafts have been adopted by the httpwg in IETF and we should +support them as the popular browsers will as well: -- server push +[Deprecate modification of 'secure' cookies from non-secure +origins](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-00) - Not exactly clear exactly how to support this API-wise, but by adding - handles without asking for a resource it could be a way to be prepared to - receive pushes in case such are sent. We probably need it to still specify - a URL with host name, port etc but we probably need a special option to - tell libcurl it is for server push purposes. +[Cookie Prefixes](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00) -- provide option for HTTP/2 "prior knowledge" over clear text - - As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_ - it speaks HTTP/2. - -- provide option to allow curl to default to HTTP/2 only when using HTTPS - - We could switch on HTTP/2 by-default for HTTPS quite easily and it - shouldn't hurt anyone, while HTTP/2 for HTTP by default could introduce - lots of Upgrade: roundtrips that users won't like. So a separated option - alternative makes sense. +[Firefox bug report about secure cookies](https://bugzilla.mozilla.org/show_bug.cgi?id=976073) SRV records ----------- @@ -52,7 +39,9 @@ How to find services for specific domains/hosts. HTTPS to proxy -------------- -To avoid network traffic to/from the proxy getting snooped on. +To avoid network traffic to/from the proxy getting snooped on. There's a git +branch in the public git repository for this that we need to make sure works +for all TLS backends and then merge! curl_formadd() -------------- @@ -61,12 +50,10 @@ make sure there's an easy handle passed in to `curl_formadd()`, `curl_formget()` and `curl_formfree()` by adding replacement functions and deprecating the old ones to allow custom mallocs and more -third-party SASL +Third-party SASL ---------------- -add support for third-party SASL libraries such as Cyrus SASL - may need to -move existing native and SSPI based authentication into vsasl folder after -reworking HTTP and SASL code +Add support for third-party SASL libraries such as Cyrus SASL. SASL authentication in LDAP --------------------------- @@ -117,7 +104,7 @@ Improve 2. curl -h output (considered overwhelming to users) -3. we have > 160 command line options, is there a way to redo things to +3. we have > 170 command line options, is there a way to redo things to simplify or improve the situation as we are likely to keep adding features/options in the future too |