- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 5 Dec 2013 10:38:24 +1100
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: "Hill, Brad" <bhill@paypal.com>, Karl Dubost <karl@la-grange.net>, Anne van Kesteren <annevk@annevk.nl>, "Julian F. Reschke" <julian.reschke@gmx.de>, Odin Hørthe Omdal <odinho@opera.com>, WebAppSec WG <public-webappsec@w3.org>, Adam Barth <w3c@adambarth.com>
Aha! Why is a 304 being returned for OPTIONS? Cheers, On 5 Dec 2013, at 10:36 am, Jonas Sicking <jonas@sicking.cc> wrote: > On Wed, Dec 4, 2013 at 3:24 PM, Hill, Brad <bhill@paypal.com> wrote: >> We still have the case where the headers indicating validity to the cache may give a longer lifetime than a supplied Access-Control-Max-Age. In such cases, I would argue that regenerating the Access-Control headers is part of providing correct caching and validity information to the client, and therefore they SHOULD be included with a 304. > > Access-Control-Max-Age only applies to OPTIONS responses which I > didn't think could ever be cached? > > / Jonas -- Mark Nottingham http://www.mnot.net/
Received on Wednesday, 4 December 2013 23:38:56 UTC