- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 19 Oct 2007 15:28:52 -0700
- To: Ian Hickson <ian@hixie.ch>
- CC: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>
Ian Hickson wrote: > On Fri, 19 Oct 2007, Anne van Kesteren wrote: >> As for the questions: >> >> 1. Would the first reply be cached if it did not allow access (did not have >> Access-Control/<?access-control?>)? >> >> 2. Would the first reply be cached if the desired method was not listed in >> Allow? >> >> 3. Would it remain cached if the second reply did not allow access? > > For all of these I would say "no", because the overwhelmingly common case > where access is denied is when a developer is implementing an app that > goes cross-site, and until the cross-site request works, the developer > will be tweaking the code. If it is cached, the developer will have to > flush the cache between each test attempt. > > I see no advantage to caching these; they are the exceptional case, so > you shouldn't gain much (in terms of performance) from caching the reply. Agreed. The overwhelmingly common case will be that access is granted, as there is no incentive to make requests that fail. One important thing to mention in the spec is that the cache must be keyed on the referer-root value. So that you don't cache an access-granted based on one site requesting, and use the cache when another site is. / Jonas
Received on Friday, 19 October 2007 22:30:49 UTC