- From: Tyler Close <tyler.close@gmail.com>
- Date: Wed, 3 Feb 2010 14:49:52 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Jonas Sicking <jonas@sicking.cc>, Maciej Stachowiak <mjs@apple.com>, Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
On Wed, Feb 3, 2010 at 2:12 PM, Julian Reschke <julian.reschke@gmx.de> wrote: > We know that "Vary" doesn't work well in practice because of all the > bugs^^^^shortcomings in IE. For requests with cookies, there's an interesting tension there between wanting to support private caching in IE, but wanting to prevent a proxy from sharing responses with other users. Since we know the Vary header doesn't work for this case, what's the popular workaround? Does this workaround rely on undocumented treatment of the Cookie header by proxies? I'm currently thinking it would be best for UMP to specify that a cached response can only be used if it is valid under the rules HTTP establishes for a "shared cache", rather than for a "private cache". I am concerned if this is sufficient to guard against buggy but common use of cookies by servers, and separately, if it would result in unnecessary cache misses. --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
Received on Wednesday, 3 February 2010 22:50:27 UTC