- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 17 Oct 2012 11:49:29 -0400
- To: Jungkee Song <jungkee.song@samsung.com>
- CC: "'Mark Baker'" <mark@zepheira.com>, "'Hallvord Reiar Michaelsen Steen'" <hallvord@opera.com>, "'Julian Aubourg'" <j@ubourg.net>, public-webapps@w3.org
On 10/17/12 12:17 AM, Jungkee Song wrote: > Yes, that could solve the issue, but it seems we cannot avoid the > intermediary caching proxy problem unless server actually put "Vary: > User-Agent" in every response. I'm wondering if it's still worth to put it > into spec. Again, any intermediary proxy that doesn't assume that is in practice broken with real-world content... > Should we specify the length of the header that the script allows in the > spec? That does not seem necessary. In particular, the only thing this would hurt is the script making the request, right? >> 3. Poorly designed UA-sniffing code may be confused and misinterpret > tokens in the UA. > > Sanitizing the header value could be considered. Yes. -Boris
Received on Wednesday, 17 October 2012 15:50:08 UTC