Re: CORS and Caching (in reverse proxies / CDNs)

On 30/04/14 14:47, Anne van Kesteren wrote:
> On Mon, Apr 28, 2014 at 3:43 PM, Nils Goroll <slink@schokola.de> wrote:
>> Please consider the simple case of a web font http://static.do.main/font.woff
>> which, for licensing reasons, is to be shared with a set of specific origins
>> only, so using 'Access-Control-Allow-Origin: *' is not an option.
> 
> It is. You could terminate the request if the Origin request header
> was not "correct".

How should this work with CDNs and downstream caches?

>> I'd appreciate pointers if this issue had been discussed before, as I have
>> failed to find any previous discussion in the list archives.
> 
> If we were to do this at this point we probably have to introduce a
> new header or force everyone to sniff user agents for support.
> However, there haven't been many requests for it.

I don't understand how sniffing user-agents relates to this issue.

Nils

Received on Wednesday, 30 April 2014 13:57:14 UTC
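
The following sketch is an added illustration, not part of the original message or any participant's code. It models the setup discussed above: an origin server that terminates requests with an unlisted Origin, placed behind a shared cache, first keyed on URL only and then with `Vary: Origin`. The allow-list, the `*.example` origins and all function and class names are assumptions constructed for the example.

```python
ALLOWED = {"https://a.example", "https://b.example"}  # constructed allow-list
FONT_URL = "http://static.do.main/font.woff"          # URL from the message

def origin_server(origin, send_vary):
    """Terminate requests whose Origin is not listed; echo the listed ones."""
    if origin not in ALLOWED:
        return {"status": 403, "headers": {}}
    headers = {"Access-Control-Allow-Origin": origin}
    if send_vary:
        headers["Vary"] = "Origin"
    return {"status": 200, "headers": headers}

class SharedCache:
    """Toy CDN: key is the URL plus the request headers named in Vary."""
    def __init__(self, send_vary):
        self.send_vary = send_vary
        self.entries = {}        # url -> list of (vary_names, vary_values, response)
        self.backend_hits = 0

    def get(self, url, origin):
        request = {"origin": origin}
        for names, values, response in self.entries.get(url, []):
            if [request.get(n) for n in names] == values:
                return response  # cache hit: the origin server never sees this request
        self.backend_hits += 1
        response = origin_server(origin, self.send_vary)
        if response["status"] == 200:
            vary = response["headers"].get("Vary", "")
            names = [n.strip().lower() for n in vary.split(",") if n.strip()]
            values = [request.get(n) for n in names]
            self.entries.setdefault(url, []).append((names, values, response))
        return response

def browser_allows(response, origin):
    """CORS check a browser applies before exposing the font to the page."""
    acao = response["headers"].get("Access-Control-Allow-Origin")
    return response["status"] == 200 and acao in (origin, "*")

def run(send_vary):
    cache = SharedCache(send_vary)
    result = {}
    for origin in ("https://a.example", "https://b.example", "https://c.example"):
        response = cache.get(FONT_URL, origin)
        result[origin] = (response["status"], browser_allows(response, origin))
    return result, cache.backend_hits

if __name__ == "__main__":
    for send_vary in (False, True):
        print("Vary: Origin sent:", send_vary, run(send_vary))
```

Without `Vary: Origin` the cached response for the first origin is replayed to everyone: the second listed origin fails the browser's CORS check, and the unlisted origin receives a 200 the origin server would have refused.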