On 2007-11-05 06:13:01 -0500, Anne van Kesteren wrote: >> Another thing that occurred to me is does HTTP caches take the >> full set of request headers into account when caching? >> Otherwise it could be directly harmful to include Referer-Root >> and Method-Check headers. The cache might store an "authorize" >> reply when the request is made for Referer-Root A and wrongly >> respond with the same document is checked for Referer-Root B.
> The authentication request cache is a seperate thing that uses > the Referer-Root and request URI as "primary key". Or do you mean > something else? Björn is talking about HTTP proxy caches on the network. You really don't want to get these into the critical path for deploying the access-control spec. -- Thomas Roessler, W3C <[EMAIL PROTECTED]>
