On 10/17/12 12:17 AM, Jungkee Song wrote:
Yes, that could solve the issue, but it seems we cannot avoid the
intermediary caching proxy problem unless server actually put "Vary:
User-Agent" in every response. I'm wondering if it's still worth to put it
into spec.
Again, any intermediary proxy that doesn't assume that is in practice
broken with real-world content...
Should we specify the length of the header that the script allows in the
spec?
That does not seem necessary. In particular, the only thing this would
hurt is the script making the request, right?
3. Poorly designed UA-sniffing code may be confused and misinterpret
tokens in the UA.
Sanitizing the header value could be considered.
Yes.
-Boris
