Highlights:
Encoding SHA256 used to be optional internally, but it's not anymore. If the requester specifies a hash explicitly, we hash anyway and check if the hashes agree, just in case. We can revise this behaviour later because it can be problematic for large assets.
Content encoding negotiation is a bit tricky because we can only certify one encoding with the current scheme. I decided to specify the explicit order in which we try to certify encodings ("identity" is the most preferred one).
Automatic substitution of /index.html instead of missing assets forces us to use a slightly more elaborate witness structure.
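A sketch of the first two highlights, added here as an illustration and not taken from the project's code: every stored encoding is hashed even when the caller supplies a hash, a mismatch is rejected, and the encoding to certify is chosen from a fixed preference list. The function names, the dict layout and the order after "identity" are assumptions.

```python
import gzip
import hashlib

# Assumed order: the description above only states that "identity" comes first.
ENCODING_CERTIFICATION_ORDER = ["identity", "gzip", "compress", "deflate", "br"]


class HashMismatch(ValueError):
    """The hash supplied by the requester differs from the computed one."""


def store_encoding(asset, encoding, content, claimed_sha256=None):
    """Store one encoding of an asset (hypothetical helper).

    The SHA-256 is always computed. A caller-supplied hash is only
    compared against it, never trusted in place of it.
    """
    computed = hashlib.sha256(content).digest()
    if claimed_sha256 is not None and claimed_sha256 != computed:
        raise HashMismatch(
            f"{encoding}: claimed {claimed_sha256.hex()} != computed {computed.hex()}"
        )
    asset[encoding] = {"content": content, "sha256": computed}
    return computed


def encoding_to_certify(asset):
    """Return the single encoding whose hash gets certified, or None."""
    for encoding in ENCODING_CERTIFICATION_ORDER:
        if encoding in asset:
            return encoding
    return None


if __name__ == "__main__":
    body = b"<html>constructed sample body</html>"  # constructed sample input
    asset = {}
    store_encoding(asset, "gzip", gzip.compress(body))
    print(encoding_to_certify(asset))  # only gzip is stored so far
    store_encoding(asset, "identity", body, hashlib.sha256(body).digest())
    print(encoding_to_certify(asset))  # identity takes precedence once present
    try:
        store_encoding(asset, "deflate", b"other bytes", hashlib.sha256(body).digest())
    except HashMismatch as err:
        print("rejected:", err)
```

Because only one encoding is certified, a client that negotiates a different encoding receives a body whose hash is not the certified one, which is why the order matters.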