- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 5 Nov 2007 09:37:04 -0500
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Jonas Sicking <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>
On 2007-11-05 06:13:01 -0500, Anne van Kesteren wrote: >> Another thing that occurred to me is does HTTP caches take the >> full set of request headers into account when caching? >> Otherwise it could be directly harmful to include Referer-Root >> and Method-Check headers. The cache might store an "authorize" >> reply when the request is made for Referer-Root A and wrongly >> respond with the same document is checked for Referer-Root B. > The authentication request cache is a seperate thing that uses > the Referer-Root and request URI as "primary key". Or do you mean > something else? Björn is talking about HTTP proxy caches on the network. You really don't want to get these into the critical path for deploying the access-control spec. -- Thomas Roessler, W3C <tlr@w3.org>
Received on Monday, 5 November 2007 14:37:14 UTC