- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 05 Nov 2007 10:39:53 +0100
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
* Jonas Sicking wrote: >Another thing that occurred to me is does HTTP caches take the full set >of request headers into account when caching? Otherwise it could be >directly harmful to include Referer-Root and Method-Check headers. The >cache might store an "authorize" reply when the request is made for >Referer-Root A and wrongly respond with the same document is checked for >Referer-Root B. No, authors have to actively prevent improper caching of the response. Ian suggested that "merely adding a Vary: header with the appropriate values will remove that problem" so even Ian would fail to set this up properly (e.g., Vary would have no effect on simple HTTP/1.0 caches). -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Monday, 5 November 2007 09:39:57 UTC