Loading ...
Sorry, an error occurred while loading the content.

19476Re: [rest-discuss] conneg considered harmful

Expand Messages
  • Nicholas Shanks
    Jun 24, 2013
      On 22 June 2013 03:16, Glenn Block <glenn.block@...> wrote:

      > So no one has any thoughts on content-location with regards to reducing the need for a redirect?

      I had previously suggested the very same, but apparently doing this
      raises security issues with intermediary caches. e.g. malicious page A
      sends response back claiming to be a representation of page B,
      intermediate layer caches this, and returns that response for future
      requests to B. There needs to be a way to declare that B trusts A to
      provide representations for itself, and for intermediaries to verify
      this before caching the response. Apparently being on the same domain
      is not sufficient for the HTTP folks.

    • Show all 20 messages in this topic