Re: P3P - Feedback on Access Control

On Thu, 24 Jan 2008 02:47:00 +0100, Mark Nottingham <>  
> On 24/01/2008, at 12:11 PM, Ian Hickson wrote:
>> As far as I can tell, all feedback has been responded to -- can you be
>> more specific as to what technical feedback hasn't been answered?
> * Inability to cache OPTIONS, and the resulting problems for scaling  
> this mechanism by caching policy in anything but the client

This is also done to ensure that the client does not get a wrong copy from  
a poxy server for instance.

> * per-resource OPTIONS requests are too chatty, don't scale to large  
> numbers of resources, eventually causing developers to come up with  
> workarounds such as boxcarring messages

In case you have full control over the server, and it seems that you do if  
you expect heavy load, you can just catch OPTIONS requests early on and  
reply with 'Access-Control: allow <*>;\r\nMethod-Check-Maxage:<large  
value>' indicating that you're cross-site request aware.

> * Access-Control syntax is still suboptimal

Didn't we fix this? If not, I'd need more detail.

Anne van Kesteren

Received on Thursday, 24 January 2008 12:04:59 UTC