> > (D2) It seems like this is a value that browsers might cache, to avoid
> > unnecessary requests if the same page is framed in the future. If this
> > is something browsers do today, please say so.
>
> Actually I like to push back in this case, as I don't think we should go
> into implementation specific details that have no effect on the bits on
> the wire nor on the effective behavior of the browser.
> The X-Frame-Options header determines the behaviour for every individual
> requested page regarding framing in another web page in the browser.
> Whether the browser caches this information and compares the request
> with an existing cache from a request from before AND if the value is
> identical proceeds as before or whether the browser evaluates the
> X-Frame-Options header on each request should not be specified in this
> draft.

I'll note also that this is particularly the case because this is documenting something that exists, but that isn't recommended for implementation. If this were a PS that we were recommending for new implementations, it might make more sense to talk about how to do caching for better implementations.

Barry

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
