- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Tue, 9 Oct 2007 15:36:34 +0300
- To: Thomas Roessler <tlr@w3.org>
- Cc: Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>, public-appformats@w3.org
On Oct 9, 2007, at 15:22, Thomas Roessler wrote: > The POST might change the state of that resource. > > Why do we believe that it won't change the access-control policy > associated with the resource? What would be associated with the URI in a way that bypasses HTTP caching is knowledge about the capability of the server-side app to deal with cross-domain POSTs. It would be radically abnormal for an app to lose its capability to deal with cross-domain POSTs as the result of an earlier POST. OTOH, having a time-to-live value for the cross-domain method authorization makes sense, because services may otherwise change over time. -- Henri Sivonen hsivonen@iki.fi http://hsivonen.iki.fi/
Received on Tuesday, 9 October 2007 12:37:00 UTC