- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 22 Nov 2010 09:28:50 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Mark Nottingham <mnot@mnot.net>, public-webapps@w3.org
On Mon, Nov 22, 2010 at 1:56 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 22.11.2010 09:53, Jonas Sicking wrote:
>>
>> ...
>>>>>
>>>>> 3) When a server changes the headers in a response based upon the value
>>>>> of the incoming Origin header (as outlined in sections 5.1 and 5.2), it must
>>>>> insert Vary: Origin into *all* responses for that resource; otherwise,
>>>>> downstream caches will incorrectly store it.
>>>>>
>>>>> Be aware that doing so will cause many versions of IE not to cache
>>>>> those responses at all. Another option would be to disallow varying the
>>>>> response based upon the Origin header.
>>>>
>>>> Disallowing varying by origin seems like a bigger problem than IE not
>>>> caching.
>>>
>>> Either way, it needs to be addressed.
>>
>> You mean by adding a note in the spec? Are you adding a similar note
>> to http-bis about the Vary header?
>> ...
>
> CORS specifies behavior that makes the response to a request depend on the
> Origin request header. Therefore it would be good if it pointed out that as
> a *result* of that, the "Vary" header needs to be added to any response for
> that URI.

Ooh, I thought the initial paragraph from Mark was a quote from the spec.
I now see that that is not the case.

I'm fairly sure we've discussed that in the past and I agree that such
a note should be added.

/ Jonas
Received on Monday, 22 November 2010 17:29:47 UTC
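
The caching problem discussed in this thread, as an added example that is not part of the original message or of the CORS specification: a toy shared cache in front of a server that echoes allowlisted origins, run with `Vary: Origin` never sent, sent only on CORS responses, and sent on all responses. The origins, the URL and every function and class name are constructed for illustration, and header names are matched case-sensitively for brevity.

```python
ALLOWED = {"https://app.example", "https://admin.example"}  # constructed allowlist

def origin_server(req_headers, vary_mode):
    """vary_mode: 'never', 'only_cors' (Vary only when ACAO is sent) or 'always'."""
    origin = req_headers.get("Origin")
    resp = {"body": "data"}
    if origin in ALLOWED:
        # The response now depends on the request's Origin header.
        resp["Access-Control-Allow-Origin"] = origin
    if vary_mode == "always" or (vary_mode == "only_cors" and origin in ALLOWED):
        resp["Vary"] = "Origin"
    return resp

class SharedCache:
    """Minimal cache model: primary key is the URL, secondary key comes from Vary."""
    def __init__(self, vary_mode):
        self.vary_mode = vary_mode
        self.store = {}  # url -> list of (vary field names, selecting values, response)

    def fetch(self, url, req_headers):
        for names, values, resp in self.store.get(url, []):
            # An entry stored without Vary has no names, so it matches every request.
            if all(req_headers.get(n) == v for n, v in zip(names, values)):
                return resp
        resp = origin_server(req_headers, self.vary_mode)
        names = [n.strip() for n in resp.get("Vary", "").split(",") if n.strip()]
        values = [req_headers.get(n) for n in names]
        self.store.setdefault(url, []).append((names, values, resp))
        return resp

def acao_seen(vary_mode, first_origin, second_origin):
    """Warm the cache with one request; return the ACAO value the second client gets."""
    cache = SharedCache(vary_mode)
    first = {"Origin": first_origin} if first_origin else {}
    second = {"Origin": second_origin} if second_origin else {}
    cache.fetch("/api/data", first)
    return cache.fetch("/api/data", second).get("Access-Control-Allow-Origin")

if __name__ == "__main__":
    for mode in ("never", "only_cors", "always"):
        print(mode,
              acao_seen(mode, "https://app.example", "https://admin.example"),
              acao_seen(mode, None, "https://app.example"))
```

The `only_cors` run shows why the header has to be on *all* responses for the resource: a response to a request without an Origin header is stored with no `Vary`, and the cache then serves it to cross-origin clients that should have received an `Access-Control-Allow-Origin` header.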