- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 14 Dec 2011 10:55:29 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
No, the notion in Origin is an exception to DNS authorities for broadening security constraints on javascript, etc. HTTP caching must not allow a non-matching-authority (including a different port) to define what can be invalidated or replaced.

....Roy

On Dec 13, 2011, at 7:27 PM, Mark Nottingham wrote:

> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/322>
>
> Since we now have a definition of an Origin, it'd be good to use it where appropriate.
>
> Proposal for p7 2.2:
>
> """A protection space is defined by the origin [ref to origin rfc], combined with the realm value (if present)."""
>
> Proposal for p6 2.5:
>
> """However, a cache MUST NOT invalidate a URI from a Location or Content-Location header field if that URI does not have the same origin as that of the effective request URI (section 4.3 of [Part1]), as specified in [ref to origin rfc]."""
>
> Comments?
>
> --
> Mark Nottingham http://www.mnot.net/

Received on Wednesday, 14 December 2011 18:58:40 UTC
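
The invalidation check discussed in this thread, sketched as an added example (not part of the original messages or of any draft text). It assumes the comparison is on scheme, host and port, with ports 80 and 443 as defaults; the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Assumption of this sketch: only http/https, with their usual default ports.
DEFAULT_PORTS = {"http": 80, "https": 443}


def authority_key(uri):
    """Return (scheme, host, port) with case and default port normalised."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # parts.port raises ValueError on a malformed port.
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def may_invalidate(effective_request_uri, header_value):
    """True only if the header's URI has the same scheme, host and port
    as the effective request URI. Relative references are resolved first."""
    try:
        target = urljoin(effective_request_uri, header_value.strip())
        key = authority_key(target)
        return bool(key[1]) and key == authority_key(effective_request_uri)
    except ValueError:
        # Unparseable URI or port: refuse rather than guess.
        return False


def uris_to_invalidate(effective_request_uri, response_headers):
    """URIs a cache may invalidate after a successful unsafe request."""
    allowed = [effective_request_uri]
    for name in ("Location", "Content-Location"):
        value = response_headers.get(name)
        if value and may_invalidate(effective_request_uri, value):
            allowed.append(urljoin(effective_request_uri, value.strip()))
    return allowed


if __name__ == "__main__":
    # Constructed sample response: one same-authority URI, one on another port.
    headers = {
        "Location": "/orders/1",
        "Content-Location": "http://example.com:8080/orders/1",
    }
    print(uris_to_invalidate("http://example.com/orders", headers))
```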