W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2010

Re: NEW: #235: Cache Invalidation only happens upon successful responses

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 19 Oct 2010 11:41:39 +1100
Cc: "Moore, Jonathan" <jonathan_moore@comcast.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <5535F527-47B6-484F-B619-A81AF22B9BEA@mnot.net>
To: "Roy T. Fielding" <fielding@gbiv.com>

On 19/10/2010, at 11:37 AM, Roy T. Fielding wrote:

> On Oct 18, 2010, at 5:28 PM, Mark Nottingham wrote:
>> The question here, though, is whether /y should also be invalidated; since 2616 goes to pretty extensive lengths to say that the URL indicated by Location is to be invalidated, I don't see why it shouldn't be...
> 
> It does?  That sounds like a DoS attack vector.


2616:

> In order to prevent denial of service attacks, an invalidation based on the URI in a Location or Content-Location header MUST only be performed if the host part is the same as in the Request-URI.

--
Mark Nottingham   http://www.mnot.net/
Received on Tuesday, 19 October 2010 00:42:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:29 GMT