- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 05 Nov 2007 09:57:36 -0800
- To: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>
Anne van Kesteren wrote: >> Another thing that occurred to me is does HTTP caches take the full >> set of request headers into account when caching? Otherwise it could >> be directly harmful to include Referer-Root and Method-Check headers. >> The cache might store an "authorize" reply when the request is made >> for Referer-Root A and wrongly respond with the same document is >> checked for Referer-Root B. > > The authentication request cache is a seperate thing that uses the > Referer-Root and request URI as "primary key". Or do you mean something > else? Yes, I mean something else. I mean a general-purpose HTTP cache sitting between the server and the XMLHttpRequest implementation. Including, but not limited to, the cache in the browser. / Jonas
Received on Monday, 5 November 2007 18:00:37 UTC