
Re: [XHR2] AnonXMLHttpRequest()

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 03 Feb 2010 22:32:17 +0100
Message-ID: <4B69EB61.7070300@gmx.de>
To: Tyler Close <tyler.close@gmail.com>
CC: Jonas Sicking <jonas@sicking.cc>, Maciej Stachowiak <mjs@apple.com>, Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
Tyler Close wrote:
> On Wed, Feb 3, 2010 at 1:00 AM, Jonas Sicking <jonas@sicking.cc> wrote:
>> Another thing that might be worth noting is that if the UA contains a
>> HTTP cache (which most popular UAs do), the UA must never use a cached
>> response that was the result of a request that was made with
>> credentials, when making a request without. The same goes the other
>> way around.
> 
> I gather this is because sites do not reliably use the Vary header?

"When a shared cache (see Section 13.7) receives a request containing an 
Authorization field, it MUST NOT return the corresponding response as a 
reply to any other request, unless one of the following specific 
exceptions holds:..."

<http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.8>

> ...

BR, Julian
Received on Wednesday, 3 February 2010 21:34:33 GMT
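
The requirement discussed in this thread, as an added example that is not part of the original messages: a toy UA cache that honours Vary, with an optional partition on whether the request carried credentials, replayed against a site that omits "Vary: Cookie". The class UaCache, the function replay, the URL and the cookie value are hypothetical and constructed for illustration; "credentialed" is assumed here to mean that a Cookie or Authorization header is present.

```javascript
// Toy UA cache (hypothetical, for illustration only).
class UaCache {
  constructor({ partitionByCredentials }) {
    this.partition = partitionByCredentials;
    this.entries = []; // each entry: { url, mode, vary, res }
  }

  // Case-insensitive request header lookup; undefined when absent.
  static header(req, name) {
    const found = Object.entries(req.headers || {})
      .find(([k]) => k.toLowerCase() === name.toLowerCase());
    return found ? found[1] : undefined;
  }

  // Assumption: a request counts as credentialed if it carries a Cookie
  // or an Authorization header.
  static mode(req) {
    const cred = ["cookie", "authorization"]
      .some((n) => UaCache.header(req, n) !== undefined);
    return cred ? "cred" : "anon";
  }

  store(req, res) {
    // Record the request header values named by the response's Vary.
    const names = (res.vary || "").split(",")
      .map((s) => s.trim().toLowerCase()).filter(Boolean);
    const vary = Object.fromEntries(names.map((n) => [n, UaCache.header(req, n)]));
    this.entries.push({ url: req.url, mode: UaCache.mode(req), vary, res });
  }

  // Returns the cached body, or null on a miss.
  lookup(req) {
    const hit = this.entries.find((e) => e.url === req.url
      && (!this.partition || e.mode === UaCache.mode(req))
      && Object.entries(e.vary).every(([n, v]) => UaCache.header(req, n) === v));
    return hit ? hit.res.body : null;
  }
}

// Constructed traffic: a credentialed response is cached, then the same URL
// is requested without credentials. Returns what the cache would serve.
function replay(cache, siteSendsVary) {
  const url = "https://example.org/inbox";
  cache.store({ url, headers: { Cookie: "sid=constructed" } },
              { body: "alice's inbox", vary: siteSendsVary ? "Cookie" : "" });
  return cache.lookup({ url, headers: {} });
}
```

With Vary alone, the anonymous request is served the credentialed body whenever the site forgets the header; with the partition enabled it is a miss regardless of what the site sends.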
