
Re: Design issues for access-control

From: Jonas Sicking <jonas@sicking.cc>
Date: Mon, 05 Nov 2007 09:57:36 -0800
Message-ID: <472F5990.8070706@sicking.cc>
To: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>

Anne van Kesteren wrote:
>> Another thing that occurred to me is do HTTP caches take the full 
>> set of request headers into account when caching? Otherwise it could 
>> be directly harmful to include Referer-Root and Method-Check headers. 
>> The cache might store an "authorize" reply when the request is made 
>> for Referer-Root A and wrongly respond with the same document when 
>> checked for Referer-Root B.
> 
> The authentication request cache is a separate thing that uses the 
> Referer-Root and request URI as "primary key". Or do you mean something 
> else?

Yes, I mean something else. I mean a general-purpose HTTP cache sitting 
between the server and the XMLHttpRequest implementation. Including, but 
not limited to, the cache in the browser.

/ Jonas
Received on Monday, 5 November 2007 18:00:37 UTC
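
The cache concern raised in this message, as an added example that is not part of the original thread: a toy general-purpose HTTP cache that keys only on the URL replays the "authorize" reply stored for Referer-Root A to a request carrying Referer-Root B, while the same cache keeps the two apart once the response names that header in Vary. Vary is standard HTTP and is not mentioned in the message; the origin policy, host names and cache model are assumptions constructed for the illustration.

```python
# Added illustration; policy, URLs and the cache model are constructed.
ALLOWED_ROOTS = {"http://a.example"}  # hypothetical access-control policy


def origin(url, headers, send_vary):
    """Toy origin server: decides from the Referer-Root request header."""
    ok = headers.get("Referer-Root") in ALLOWED_ROOTS
    resp_headers = {"Vary": "Referer-Root"} if send_vary else {}
    return {"headers": resp_headers, "body": "authorize" if ok else "deny"}


class SharedCache:
    """Minimal HTTP cache: primary key is the URL, secondary key comes from Vary."""

    def __init__(self, send_vary):
        self.send_vary = send_vary
        self.store = {}  # url -> list of (secondary key, response)
        self.hits = 0

    @staticmethod
    def _secondary_key(resp, req_headers):
        # Request headers named in the stored response's Vary select the variant.
        vary = resp["headers"].get("Vary", "")
        names = [n.strip() for n in vary.split(",") if n.strip()]
        return tuple((n.lower(), req_headers.get(n)) for n in names)

    def get(self, url, req_headers):
        for key, resp in self.store.get(url, []):
            if key == self._secondary_key(resp, req_headers):
                self.hits += 1  # served from cache, origin never consulted
                return resp["body"]
        resp = origin(url, req_headers, self.send_vary)
        key = self._secondary_key(resp, req_headers)
        self.store.setdefault(url, []).append((key, resp))
        return resp["body"]


def replay(send_vary):
    """Send the same URL for Referer-Root A, then B, through one cache."""
    cache = SharedCache(send_vary)
    url = "http://server.example/resource"
    a = cache.get(url, {"Referer-Root": "http://a.example"})
    b = cache.get(url, {"Referer-Root": "http://b.example"})
    return a, b, cache.hits


if __name__ == "__main__":
    print("no Vary:  ", replay(send_vary=False))
    print("with Vary:", replay(send_vary=True))
```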
