On Sun, Aug 18, 2013 at 1:58 AM, Barry Leiba <[email protected]>wrote:
> > (D2) It seems like this is a value that browsers might cache, to avoid >> > unnecessary requests if the same page is framed in the future. If this >> > is something browsers do today, please say so. >> >> Actually I like to push back in this case, as I don't think we should go >> into implementation specific details that have no effect on the bits on >> the wire nor on the effective behavior of the browser. >> The X-Frame-Options header determines the behaviour for every individual >> requested page regarding framing in another web page in the browser. >> Whether the browser caches this information and compares the request >> with an existing cache from a request from before AND if the value is >> identical proceeds as before or whether the browser evaluates the >> X-Frame-Options header on each request should not be specified in this >> draft. > > > I'll note also that this is particularly the case because this is > documenting something that exists, but that isn't recommended for > implementation. If this were a PS that we were recommending for new > implementations, it might make more sense to talk about how to do caching > for better implementations. > > Barry > I understand. Caching is just another aspect of existing implementation behavior that I think should be documented. Of course, I may be off base here. If nobody does it, and people think it's patently obvious that you never would, then I could clear. --Richard
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
