- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 26 Nov 2008 13:10:01 +0100
Thomas Broyer wrote: > ... >> You can already handle the case of content that's available unauthenticated, >> but would potentially differ in case of being authenticated by adding >> >> Vary: Authorization >> >> to a response. > > I seem to recall Roy T. Fielding arguing *against* that when we were > discussing user-specific service documents in the Atom Protocol group. > ... It's not needed when the resource only allows authenticated access. It *will* be necessary (or some other response header dealing with caching) if you mix both authenticated and anonymous access to the same resource. BR, Julian
Received on Wednesday, 26 November 2008 04:10:01 UTC