W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: CORS and 304

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 8 Apr 2015 06:33:54 +0200
Message-ID: <CADnb78ie-rq2cW0o_UuOYVHGwYHg01N5BrN7++GvY44WHNO=XA@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Odin Hørthe Omdal <odinho@opera.com>, WebAppSec WG <public-webappsec@w3.org>
On Wed, Apr 8, 2015 at 5:30 AM, Mark Nottingham <mnot@mnot.net> wrote:
> 304 is applied to the response in "HTTP network or cache fetch," but you don't allow for the handling of conditional requests there (which all browsers do implement).
> I'd be happy to work on some proposals to fix that, if you're amenable.

Sure. It seems to me though that if it's not in the cache you make
network fetch and only then can you handle 304. But I guess that could
be more tightly coupled than say, redirects, although it seems
somewhat odd.

> Not sure what's new here — every browser I tested passed the core of that suite.

Well that certainly argues for changing the specification. Is there
overlap in the tests they don't pass?

Received on Wednesday, 8 April 2015 04:34:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC