On Oct 9, 2007, at 15:22, Thomas Roessler wrote: > The POST might change the state of that resource. > > Why do we believe that it won't change the access-control policy > associated with the resource? What would be associated with the URI in a way that bypasses HTTP caching is knowledge about the capability of the server-side app to deal with cross-domain POSTs. It would be radically abnormal for an app to lose its capability to deal with cross-domain POSTs as the result of an earlier POST. OTOH, having a time-to-live value for the cross-domain method authorization makes sense, because services may otherwise change over time. -- Henri Sivonen hsivonen@iki.fi http://hsivonen.iki.fi/Received on Tuesday, 9 October 2007 12:37:00 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT