W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

Re: [XHR2] AnonXMLHttpRequest()

From: Tyler Close <tyler.close@gmail.com>
Date: Thu, 4 Feb 2010 14:05:21 -0800
Message-ID: <5691356f1002041405x4c9f72cdhb2a2296d3148067c@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, Jonas Sicking <jonas@sicking.cc>, Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
On Wed, Feb 3, 2010 at 2:34 PM, Maciej Stachowiak <mjs@apple.com> wrote:
> I don't think I've ever seen a Web server send "Vary: Cookie". I don't know offhand if they consistently send enough cache control headers to prevent caching across users.

I've been doing a little poking around. Wikipedia sends "Vary:
Cookie". Wikipedia additionally uses "Cache-Control: private", as do
some other sites I checked. Other sites seem to be relying on
revalidation of cached entries by making them already expired.

--Tyler

-- 
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html
Received on Thursday, 4 February 2010 22:05:54 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:36 GMT