- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 26 Jul 2011 15:45:15 -0400
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>

Nice text; +1.

On 26/07/2011, at 3:29 PM, Julian Reschke wrote:

> Or even....:
>
> "The credentials carried in an Authorization header field are specific to the User Agent, and therefore have the same effect on HTTP caches as the "private" Cache-Control response directive, within the scope of the request they appear in.
>
> Therefore, new authentication schemes which choose not to carry credentials in the Authorization header (e.g., using a newly defined header) will need to explicitly disallow caching, by mandating the use of either Cache-Control request directives (e.g., "no-store") or response directives (e.g., "private")."

--
Mark Nottingham http://www.mnot.net/
Received on Tuesday, 26 July 2011 19:45:39 UTC
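
An added illustration of the rule in the quoted text (not part of the original message or of any HTTP implementation): a simplified model of a shared cache's decision to store a response, showing that credentials sent in a new header get no implicit protection unless "no-store" or "private" is present. The header name X-Example-Token and all sample values are constructed assumptions, and the model ignores every caching rule other than the ones quoted.

```python
# Added illustration: simplified model of a shared cache's storage decision.
# It covers only the rule quoted above, not the full HTTP caching algorithm.

def header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None

def directives(value):
    """Directive names in a Cache-Control value (arguments are ignored)."""
    names = set()
    for part in (value or "").split(","):
        name = part.split("=", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names

def shared_cache_may_store(request, response):
    req_cc = directives(header(request, "Cache-Control"))
    resp_cc = directives(header(response, "Cache-Control"))
    if "no-store" in req_cc or "no-store" in resp_cc:
        return False
    if "private" in resp_cc:
        return False
    # Credentials in Authorization act like an implicit "private".
    if header(request, "Authorization") is not None:
        return False
    return True

# Constructed sample exchanges. "X-Example-Token" is a hypothetical header
# standing in for a new scheme that does not use Authorization.
OK = {"Cache-Control": "max-age=60"}
TOKEN = {"X-Example-Token": "constructed-value"}
CASES = {
    "anonymous": ({}, OK),
    "authorization": ({"Authorization": "Basic ZXhhbXBsZTpleGFtcGxl"}, OK),
    "new header, no directive": (TOKEN, OK),
    "new header + request no-store": ({**TOKEN, "Cache-Control": "no-store"}, OK),
    "new header + response private": (TOKEN, {"Cache-Control": "private, max-age=60"}),
}

def run_cases():
    return {name: shared_cache_may_store(req, resp) for name, (req, resp) in CASES.items()}

if __name__ == "__main__":
    for name, stored in run_cases().items():
        print(f"{name:32} shared cache stores: {stored}")
```

The "new header, no directive" case is the one the proposed text guards against: the model stores a credential-dependent response because nothing told it not to.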