cti-taxii message



Subject: Re: [EXT] Re: [cti-taxii] Meeting Recap


John-Mark,


If we did this via URL parameters, would this still be a problem?  Is it only a problem with x-headers?  If this is a problem with both options then do we not have this problem already? 


Bret


From: John-Mark Gurney <jmg@newcontext.com>
Sent: Thursday, September 27, 2018 4:18:05 PM
To: Bret Jordan
Cc: cti-taxii@lists.oasis-open.org
Subject: [EXT] Re: [cti-taxii] Meeting Recap
 
Bret Jordan wrote this message on Fri, Sep 21, 2018 at 21:45 +0000:
> 3) We need a way of filtering STIX content that will be returned inside the TAXII bundle. Originally we talked about doing this via a URL parameter, but Ron suggested that this would be best done as an X-header.  Either way we would allow a comma separated list of STIX versions or the keyword "all".

This is a bad idea if the end point is a GET (which it appears to be).
This means any caching proxy between (either server or client side)
the client and the server could get confused and cache the wrong content.

If this is used, then we need to make sure that the server sends the
proper `Cache-Control: no-cache, no-store, must-revalidate` header to
ensure that data from one query does not get confused with another one.
Normally authentication negates this, but this could be on a public
TAXII server, and so caching rules could apply.

--
John-Mark
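
The caching concern raised in this thread, as an added example that is not part of the original messages: a toy shared cache keyed on the URL serves a header-selected response to the wrong client, and the same exchange is repeated with `Cache-Control: no-store`, with a `Vary` response header (which goes beyond what the thread mentions), and with a URL parameter. The header name `X-STIX-Version`, the `version` parameter and the URL are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

HDR = "X-STIX-Version"  # hypothetical header name, not from the TAXII spec
URL = "https://taxii.example/api/collections/c1/objects/"  # constructed URL

def origin(url, req_headers, policy):
    """Constructed server: the STIX version comes from ?version= or the header."""
    query = parse_qs(urlsplit(url).query)
    version = query.get("version", [req_headers.get(HDR, "2.0")])[0]
    resp_headers = {}
    if policy == "no-store":
        resp_headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
    elif policy == "vary":
        resp_headers["Vary"] = HDR
    return resp_headers, f"bundle with STIX {version} objects"

class SharedCache:
    """Toy caching proxy: primary key is the URL, secondary key comes from Vary.
    Simplification: it stores every response that is not marked no-store."""
    def __init__(self, policy):
        self.policy, self.store = policy, {}

    def get(self, url, req_headers):
        for vary_values, body in self.store.get(url, []):
            if all(req_headers.get(h) == v for h, v in vary_values.items()):
                return body  # cache hit: the origin is never asked
        resp_headers, body = origin(url, req_headers, self.policy)
        if "no-store" not in resp_headers.get("Cache-Control", ""):
            names = [h.strip() for h in resp_headers.get("Vary", "").split(",") if h.strip()]
            vary_values = {h: req_headers.get(h) for h in names}
            self.store.setdefault(url, []).append((vary_values, body))
        return body

def second_client_gets(policy, use_query=False):
    """Client A asks for STIX 2.0, then client B asks for 2.1 via the same cache."""
    cache = SharedCache(policy)
    results = []
    for version in ("2.0", "2.1"):
        if use_query:
            results.append(cache.get(f"{URL}?version={version}", {}))
        else:
            results.append(cache.get(URL, {HDR: version}))
    return results[1]

if __name__ == "__main__":
    for policy, use_query in (("bare", False), ("no-store", False),
                              ("vary", False), ("bare", True)):
        print(policy, "query" if use_query else "header", "->",
              second_client_gets(policy, use_query))
```

Only the first case, a header-selected response with no caching headers, hands client B the bundle that was built for client A.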

