- From: Simon Pieters <simonp@opera.com>
- Date: Wed, 17 Oct 2012 11:00:42 +0200
- To: "Mark Nottingham" <mnot@mnot.net>
- Cc: ietf-http-wg@w3.org
On Wed, 17 Oct 2012 09:32:14 +0200, Mark Nottingham <mnot@mnot.net> wrote: > Um, no. > > Not only will this retroactively make all intermediary caches > non-conformant, it'll also make them completely useless, because of the > large (and unnecessary) amount of variance in User-Agent headers. OK, I can see now that it would make them useless. > I understand there are security issues here caused by CORS, The security issue under discussion in the referenced thread would materialize if browsers start allowing changing the User-Agent header in XHR without sanitizing it. However, that's not the reason I sent the email. The reason is that bz argued that intermediary caches are broken, which they are for pages on the Web that vary but don't say they vary, however that's not actually limited to the User-Agent header and is not a valid reason to require intermediary caches be useless instead of broken. Also see http://lists.w3.org/Archives/Public/public-webapps/2012OctDec/0216.html -- Simon Pieters Opera Software
Received on Wednesday, 17 October 2012 09:01:19 UTC