>I wouldn't trust an "Expires" that didn't actually come along with the
>document being served. There's a security hole otherwise; Joe
>'Microsoft-is-Evil' might put up a form <click here> that returns
>
>================================================================
>Location: http://www.microsoft.com
>Expires: 01 Jan 2001 12:00:00 pST
>
><body>I am the evil Borg.</body>
>================================================================
>
>Why don't we leave it as 'Can't cache POST' and not bother gilding
>this particular lily?

Oh, crap!! Pardon me while I go scream out the window .....

The same problem is currently present if we allow any 2xx request
to return a Location field outside the requested server.

....Roy T. Fielding
    Department of ICS, University of California, Irvine USA
    Visiting Scholar, MIT/LCS + World-Wide Web Consortium
    (fielding@w3.org) (fielding@ics.uci.edu)

Received on Wednesday, 30 August 1995 17:04:47 EDT
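
The check discussed in this message, as an added example that is not part of the original post or of any HTTP implementation: a cache deciding which URL it may file a response under. It assumes a cache that would otherwise store a 2xx response under the URL named in its Location field; the function name, the header dictionary and the host joe.example are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def cache_storage_url(method, request_url, status, headers):
    """Return the URL a cache may store this response under, or None.

    A Location field is honoured only when it names the same server
    (scheme, host, port) that was actually asked for the document.
    """
    # The quoted fallback position: responses to POST are not cached.
    if method.upper() != "GET":
        return None
    if not 200 <= status < 300:
        return None
    names = {k.lower(): v for k, v in headers.items()}
    location = names.get("location")
    if location is None:
        return request_url
    # Relative references are resolved against the requested URL.
    claimed = urljoin(request_url, location)
    if origin(claimed) != origin(request_url):
        # The server is speaking for a host it was not asked about:
        # ignore the claim and key the entry on the requested URL only.
        return request_url
    return claimed


# Constructed sample: the response from the quoted message, as it might be
# returned by a hypothetical host joe.example.
EVIL_HEADERS = {"Location": "http://www.microsoft.com",
                "Expires": "01 Jan 2001 12:00:00 PST"}

if __name__ == "__main__":
    for method in ("POST", "GET"):
        print(method, cache_storage_url(method, "http://joe.example/form",
                                        200, EVIL_HEADERS))
```

With this rule the far-future Expires on the sample response can only affect the entry for the URL on joe.example, never an entry for www.microsoft.com.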