W3C home > Mailing lists > Public > public-appformats@w3.org > October 2007

Re: [access-control] non-GET authorization

From: Anne van Kesteren <annevk@opera.com>
Date: Sat, 20 Oct 2007 00:53:32 +0200
To: "Jonas Sicking" <jonas@sicking.cc>, "Ian Hickson" <ian@hixie.ch>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.t0gu7irn64w2qv@annevk-t60.oslo.opera.com> 

On Sat, 20 Oct 2007 00:28:52 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> One important thing to mention in the spec is that the cache must be  
> keyed on the referer-root value. So that you don't cache an  
> access-granted based on one site requesting, and use the cache when  
> another site is.

Hmm ok. I guess that's in line with what Ian mentioned earlier about not  
wanting to expose all sites you grant access too. In that case caching the  
reply in case of failure does indeed make less sense.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Friday, 19 October 2007 22:53:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT