- From: Adam Rice <notifications@github.com>
- Date: Wed, 29 Oct 2025 09:44:35 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 29 October 2025 16:44:39 UTC
ricea left a comment (w3c/ServiceWorker#1798) > Do we expect that No-Vary-Search will be served differently based on user state? In principle, no. The intention is that URLs that differ only in query should all be served with the same No-Vary-Search value. In practice we've already seen this expectation violated in production. The issue is that sites serving a 404 or 403 or redirect because the user is not logged on will frequently not have the same response headers as the logged-in case. Historically this was used as an attack on the HTTP cache, but I think all major browsers have mitigated that with cache partitioning now. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1798#issuecomment-3462641011 You are receiving this because you are subscribed to this thread. Message ID: <w3c/ServiceWorker/issues/1798/3462641011@github.com>
Received on Wednesday, 29 October 2025 16:44:39 UTC