- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Mon, 21 Sep 2009 20:49:43 +0200
- To: Brian Smith <brian@briansmith.org>
- Cc: "'Mark Nottingham'" <mnot@mnot.net>, "'HTTP Working Group'" <ietf-http-wg@w3.org>
mån 2009-09-21 klockan 10:05 -0500 skrev Brian Smith: > Henrik Nordstrom wrote: > > But this part of the specifications should only be advisory and best > > practice recommendation, giving browsers permission to bypass freshness > > controls on accesses due to history navigation, not a strict > > requirement on implementaitons to do exactly this. > > Why does the HTTP specification even need to mention history lists. > The vast majority of HTTP caches do not even maintain history lists. > The ones that do (built into browsers) will design their history list > mechanism according to their own security & performance goals. Plus, > as Henrik noted previously, there's a lot more to a browser history > list than caching the HTTP request/response (ActiveX/plugin state, > Javascript state, SVG animation state, Javascript APIs for controlling > history, etc.) It's an explicit freedom to disregard HTTP freshness controls in history buffers and the like. But yes, the fine details there belongs more in a browser profile specification than the HTTP specifications as such. Regards Henrik
Received on Monday, 21 September 2009 18:50:28 UTC