On 2007-11-05 06:13:01 -0500, Anne van Kesteren wrote: >> Another thing that occurred to me is does HTTP caches take the >> full set of request headers into account when caching? >> Otherwise it could be directly harmful to include Referer-Root >> and Method-Check headers. The cache might store an "authorize" >> reply when the request is made for Referer-Root A and wrongly >> respond with the same document is checked for Referer-Root B. > The authentication request cache is a seperate thing that uses > the Referer-Root and request URI as "primary key". Or do you mean > something else? Björn is talking about HTTP proxy caches on the network. You really don't want to get these into the critical path for deploying the access-control spec. -- Thomas Roessler, W3C <tlr@w3.org>Received on Monday, 5 November 2007 14:37:14 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:23 GMT