Re: [XHR2] AnonXMLHttpRequest()

On Wed, Feb 3, 2010 at 2:12 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> We know that "Vary" doesn't work well in practice because of all the
> bugs^^^^shortcomings in IE.

For requests with cookies, there's an interesting tension there
between wanting to support private caching in IE, but wanting to
prevent a proxy from sharing responses with other users. Since we know
the Vary header doesn't work for this case, what's the popular
workaround? Does this workaround rely on undocumented treatment of the
Cookie header by proxies?

I'm currently thinking it would be best for UMP to specify that a
cached response can only be used if it is valid under the rules HTTP
establishes for a "shared cache", rather than for a "private cache". I
am concerned if this is sufficient to guard against buggy but common
use of cookies by servers, and separately, if it would result in
unnecessary cache misses.

--Tyler

-- 
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html

Received on Wednesday, 3 February 2010 22:50:27 UTC
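
The shared-cache versus private-cache distinction raised in the message above, as an added example that is not part of the original e-mail or of the UMP proposal: a simplified HTTP/1.1 reuse check (explicit `max-age`/`s-maxage` freshness only, no heuristics or validators) run in both modes over constructed responses. The names `parseCacheControl`, `reusable` and `evaluateSamples` are hypothetical.

```javascript
// Added illustration: simplified cache reuse decision, shared vs. private rules.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of (value || "").split(",")) {
    const [name, arg] = part.trim().split("=");
    if (name) directives.set(name.toLowerCase(), arg === undefined ? true : arg.replace(/"/g, ""));
  }
  return directives;
}

// mode is "shared" or "private"; ageSeconds is how long the entry has been stored.
// Returns true only if the entry may be served without revalidation.
function reusable(responseHeaders, ageSeconds, mode) {
  const cc = parseCacheControl(responseHeaders["cache-control"]);
  if (cc.has("no-store") || cc.has("no-cache")) return false;
  // "private" forbids reuse by a shared cache only.
  if (mode === "shared" && cc.has("private")) return false;
  // s-maxage applies to shared caches only and overrides max-age there.
  const lifetime = mode === "shared" && cc.has("s-maxage") ? cc.get("s-maxage") : cc.get("max-age");
  if (lifetime === undefined || lifetime === true) return false; // no explicit freshness
  return ageSeconds < Number(lifetime);
}

// Constructed sample responses (header names lower-cased).
const samples = {
  // Correctly marked per-user response: the shared-cache rule refuses it,
  // which is the "unnecessary cache miss" case when only one user is involved.
  markedPrivate: { "cache-control": "private, max-age=3600" },
  // Server sets a cookie but omits "private": the shared-cache rule still allows reuse,
  // so the rule alone does not catch this server-side mistake.
  cookieNoPrivate: { "cache-control": "max-age=3600", "set-cookie": "sid=constructed" },
  // Short shared lifetime, long private lifetime.
  splitLifetime: { "cache-control": "max-age=3600, s-maxage=60" },
};

function evaluateSamples(ageSeconds) {
  const out = {};
  for (const [name, headers] of Object.entries(samples)) {
    out[name] = {
      shared: reusable(headers, ageSeconds, "shared"),
      private: reusable(headers, ageSeconds, "private"),
    };
  }
  return out;
}

console.log(evaluateSamples(120));
```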