Ian Hickson wrote:
On Fri, 19 Oct 2007, Anne van Kesteren wrote:
As for the questions:
1. Would the first reply be cached if it did not allow access (did not have
Access-Control/<?access-control?>)?
2. Would the first reply be cached if the desired method was not listed in
Allow?
3. Would it remain cached if the second reply did not allow access?
For all of these I would say "no", because the overwhelmingly common case
where access is denied is when a developer is implementing an app that
goes cross-site, and until the cross-site request works, the developer
will be tweaking the code. If it is cached, the developer will have to
flush the cache between each test attempt.
I see no advantage to caching these; they are the exceptional case, so
you shouldn't gain much (in terms of performance) from caching the reply.
Agreed. The overwhelmingly common case will be that access is granted,
as there is no incentive to make requests that fail.
One important thing to mention in the spec is that the cache must be
keyed on the referer-root value. So that you don't cache an
access-granted based on one site requesting, and use the cache when
another site is.
/ Jonas
