Loading ...
Sorry, an error occurred while loading the content.

Re: [rest-discuss] conneg considered harmful

Expand Messages
  • Nicholas Shanks
    ... I had previously suggested the very same, but apparently doing this raises security issues with intermediary caches. e.g. malicious page A sends response
    Message 1 of 20 , Jun 24, 2013
    • 0 Attachment
      On 22 June 2013 03:16, Glenn Block <glenn.block@...> wrote:

      > So no one has any thoughts on content-location with regards to reducing the need for a redirect?

      I had previously suggested the very same, but apparently doing this
      raises security issues with intermediary caches. e.g. malicious page A
      sends response back claiming to be a representation of page B,
      intermediate layer caches this, and returns that response for future
      requests to B. There needs to be a way to declare that B trusts A to
      provide representations for itself, and for intermediaries to verify
      this before caching the response. Apparently being on the same domain
      is not sufficient for the HTTP folks.

      --
      Nicholas.
    Your message has been successfully submitted and would be delivered to recipients shortly.