- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 24 Jan 2008 01:12:06 +0000 (UTC)
- To: Mark Nottingham <mnot@yahoo-inc.com>
- Cc: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>
On Thu, 24 Jan 2008, Mark Nottingham wrote: > On 24/01/2008, at 10:30 AM, Anne van Kesteren wrote: > > On Wed, 23 Jan 2008 22:17:36 +0100, Mark Nottingham <mnot@yahoo-inc.com> > > wrote: > > > > > > BTW, I understand the motivation for this now that OPTIONS is used, > > > but you still have a clock sync problem. > > > > Race conditions are already covered by the specification. Authors are > > advised to check to the Referer-Root header to prevent such issues > > from occuring. > > I didn't say it was a race condition, Anne. Consider a naive > implementation that use a local clock to determine when the policy > expires; e.g., if it expires at 1pm, and the local clock is incorrectly > indicating that it's 12:30pm, the implementation will see an expired > policy and be unable to fetch a valid one. This can be avoided by using > an offset from the Date header, but you need to specify that. > > Another (probably better, based upon experience with caching) approach > would be to use a delta rather than a http-date. Yeah, I agree that having the header just have a number of seconds would be better than having an HTTP date. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 24 January 2008 01:12:16 UTC