W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2010

Re: [cors] 27 July 2010 CORS feedback

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 22 Nov 2010 10:56:57 +0100
Message-ID: <4CEA3E69.9090001@gmx.de>
To: Jonas Sicking <jonas@sicking.cc>
CC: Mark Nottingham <mnot@mnot.net>, public-webapps@w3.org
On 22.11.2010 09:53, Jonas Sicking wrote:
> ...
>>>> 3) When a server changes the headers in a response based upon the value of the incoming Origin header (as outlined in sections 5.1 and 5.2), it must insert Vary: Origin into *all* responses for that resource; otherwise, downstream caches will incorrectly store it.
>>>>
>>>> Be aware that doing so will cause many versions of IE not to cache those responses at all. Another option would be to disallow varying the response based upon the Origin header.
>>>
>>> Disallowing varying by origin seems like a bigger problem than IE not caching.
>>
>> Either way, it needs to be addressed.
>
> You mean by adding a note in the spec? Are you adding a similar note
> to http-bis about the Vary header?
> ...

CORS specifies behavior that makes the response to a request depend on 
the Origin request header. Therefore it would be good if if pointed out 
that as a *result* of that, the "Vary" header needs to be added to any 
response for that URI.

Best regards, Julian
Received on Monday, 22 November 2010 09:57:39 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:42 GMT