- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 19 Oct 2010 11:41:39 +1100
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "Moore, Jonathan" <jonathan_moore@comcast.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 19/10/2010, at 11:37 AM, Roy T. Fielding wrote: > On Oct 18, 2010, at 5:28 PM, Mark Nottingham wrote: >> The question here, though, is whether /y should also be invalidated; since 2616 goes to pretty extensive lengths to say that the URL indicated by Location is to be invalidated, I don't see why it shouldn't be... > > It does? That sounds like a DoS attack vector. 2616: > In order to prevent denial of service attacks, an invalidation based on the URI in a Location or Content-Location header MUST only be performed if the host part is the same as in the Request-URI. -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 19 October 2010 00:42:11 UTC