On 2007-10-09 14:15:28 +0200, Anne van Kesteren wrote: > The scenario is like this: > > 1. Script does a POST request to http://example.org/foo > 2. Script does a POST request to http://example.org/foo > > This results in the following: > > 1. UA does GET access request check to http://example.org/foo > 2. UA does POST access request to http://example.org/foo > 3. UA does GET access request check to http://example.org/foo > 4. UA does POST access request to http://example.org/foo > > The user agent does 3 because the HTTP cache for http://exmaple.org/foo is > invalidated at 2 (because of the POST). We want a way to override this for > access request checks so you don't have to an actual access request check > for each request to the same resource.
The POST might change the state of that resource. Why do we believe that it won't change the access-control policy associated with the resource? (Yes, I do realize that there is a race condition in here in any event.) -- Thomas Roessler, W3C <[EMAIL PROTECTED]>
