- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 9 Oct 2007 14:22:12 +0200
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Henri Sivonen <hsivonen@iki.fi>, Jonas Sicking <jonas@sicking.cc>, public-appformats@w3.org
On 2007-10-09 14:15:28 +0200, Anne van Kesteren wrote: > The scenario is like this: > > 1. Script does a POST request to http://example.org/foo > 2. Script does a POST request to http://example.org/foo > > This results in the following: > > 1. UA does GET access request check to http://example.org/foo > 2. UA does POST access request to http://example.org/foo > 3. UA does GET access request check to http://example.org/foo > 4. UA does POST access request to http://example.org/foo > > The user agent does 3 because the HTTP cache for http://exmaple.org/foo is > invalidated at 2 (because of the POST). We want a way to override this for > access request checks so you don't have to an actual access request check > for each request to the same resource. The POST might change the state of that resource. Why do we believe that it won't change the access-control policy associated with the resource? (Yes, I do realize that there is a race condition in here in any event.) -- Thomas Roessler, W3C <tlr@w3.org>
Received on Tuesday, 9 October 2007 12:22:22 UTC