W3C home > Mailing lists > Public > public-html@w3.org > January 2012

Re: Meta element to prevent resending post data

From: Benjamin Hawkes-Lewis <bhawkeslewis@googlemail.com>
Date: Sat, 28 Jan 2012 21:25:07 +0000
Message-ID: <CAEhSh3dziiMUWo3oz5zBh0TeGaiFBXQ-9wURC_6LzbJ8mKC0tg@mail.gmail.com>
To: Samuel Santos <samaxes@gmail.com>
Cc: Kornel Lesiński <kornel@geekhood.net>, "Marat Tanalin | tanalin.com" <mtanalin@yandex.ru>, "public-html@w3.org" <public-html@w3.org> 
2012/1/27 Samuel Santos <samaxes@gmail.com>:
>> * History navigation (Back button) should always read POSTed pages from
>> cache, even if pages had Cache-Control: no-cache set (this is
>> RFC-compliant). This way there is no unexpected resubmission happening
>> automatically, and—unless user forces browser to clear the cache—there is no
>> need to ask any questions or switch to GET.
>
>
> That should not work with HTTPS.

Says what?

> If it does, it's a serious security issue.

How so?

--
Benjamin Hawkes-Lewis
Received on Saturday, 28 January 2012 21:25:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:43 GMT