- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 22 Nov 2010 10:56:57 +0100
- To: Jonas Sicking <jonas@sicking.cc>
- CC: Mark Nottingham <mnot@mnot.net>, public-webapps@w3.org
On 22.11.2010 09:53, Jonas Sicking wrote: > ... >>>> 3) When a server changes the headers in a response based upon the value of the incoming Origin header (as outlined in sections 5.1 and 5.2), it must insert Vary: Origin into *all* responses for that resource; otherwise, downstream caches will incorrectly store it. >>>> >>>> Be aware that doing so will cause many versions of IE not to cache those responses at all. Another option would be to disallow varying the response based upon the Origin header. >>> >>> Disallowing varying by origin seems like a bigger problem than IE not caching. >> >> Either way, it needs to be addressed. > > You mean by adding a note in the spec? Are you adding a similar note > to http-bis about the Vary header? > ... CORS specifies behavior that makes the response to a request depend on the Origin request header. Therefore it would be good if if pointed out that as a *result* of that, the "Vary" header needs to be added to any response for that URI. Best regards, Julian
Received on Monday, 22 November 2010 09:57:39 UTC