On 22 June 2013 03:16, Glenn Block <glenn.block@...
> So no one has any thoughts on content-location with regards to reducing the need for a redirect?
I had previously suggested the very same, but apparently doing this
raises security issues with intermediary caches. e.g. malicious page A
sends response back claiming to be a representation of page B,
intermediate layer caches this, and returns that response for future
requests to B. There needs to be a way to declare that B trusts A to
provide representations for itself, and for intermediaries to verify
this before caching the response. Apparently being on the same domain
is not sufficient for the HTTP folks.