W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2008

Re: [access-control] Implementation comments (credentials flag)

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 06 Oct 2008 21:12:08 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: public-webapps@w3.org
Message-ID: <op.uimaaikn64w2qv@annevk-t60.oslo.opera.com>

On Tue, 30 Sep 2008 00:36:10 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> Jonas Sicking wrote:
>>  Yes, I think it would be helpful to add that information. It wasn't  
>> clear that the credentials flag wasn't part of the key until you put it  
>> this way (though the spec already clearly says so, just easy to miss).

I added a note that says what the primary key is now. (The credentials  
flag is also part of it now.)

> [...]
> So in this case the credentials flag is actually part of the primary  
> key. I.e. the spec says to not update an existing entry if a request is  
> made with the credentials flag set to true, but the cache contains an  
> entry with the credentials flag set to false. Instead a new entry should  
> be created which will only differ in the value of the credentials flag  
> (and possibly in the value of the expiry time).
> I suspect the simplest solution is to actually make the credentials flag  
> part of the primary key everywhere.

Indeed. It didn't seem to be worth the trouble to optimize for public non  
credentialed requests for "URLs" that already have a credentialed cache  

Anne van Kesteren
Received on Monday, 6 October 2008 19:12:55 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:12 UTC