W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

Re: [XHR2] AnonXMLHttpRequest()

From: Tyler Close <tyler.close@gmail.com>
Date: Wed, 3 Feb 2010 14:49:52 -0800
Message-ID: <5691356f1002031449gfe25c8en8a66eb754eee2851@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Jonas Sicking <jonas@sicking.cc>, Maciej Stachowiak <mjs@apple.com>, Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
On Wed, Feb 3, 2010 at 2:12 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> We know that "Vary" doesn't work well in practice because of all the
> bugs^^^^shortcomings in IE.

For requests with cookies, there's an interesting tension there
between wanting to support private caching in IE, but wanting to
prevent a proxy from sharing responses with other users. Since we know
the Vary header doesn't work for this case, what's the popular
workaround? Does this workaround rely on undocumented treatment of the
Cookie header by proxies?

I'm currently thinking it would be best for UMP to specify that a
cached response can only be used if it is valid under the rules HTTP
establishes for a "shared cache", rather than for a "private cache". I
am concerned if this is sufficient to guard against buggy but common
use of cookies by servers, and separately, if it would result in
unnecessary cache misses.

--Tyler

-- 
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html
Received on Wednesday, 3 February 2010 22:50:27 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:36 GMT