IE prevents HTTPS downloads when non-caching header is sent
Posted: Sun Oct 04, 2009 2:05 pm
Read this blog post from ex-IE-dev Eric Law and the comments to it:
http://blogs.msdn.com/ieinternals/archi ... cache.aspx
I guess IE is the only browser implementing this (security?) feature.
Now where is the security gain in this and why did "major customers (especially banks)" ask for this feature?
/edit:
After racking my brains for nearly half an hour, I came to the conclusion that this feature couldn't possibly have been meant for security but merely to save some HTTPS traffic…
Now Microsoft could have at least given the user a better error message, like let's say:
http://blogs.msdn.com/ieinternals/archi ... cache.aspx
I guess IE is the only browser implementing this (security?) feature.
Now where is the security gain in this and why did "major customers (especially banks)" ask for this feature?
/edit:
After racking my brains for nearly half an hour, I came to the conclusion that this feature couldn't possibly have been meant for security but merely to save some HTTPS traffic…
Now Microsoft could have at least given the user a better error message, like let's say:
So this thread is probably better off in the 'Web Tech' sub forum.In order to save some traffic for our valuable customers this download has been blocked. This message is brought to you by Acme Banking Corp. Have a nice day!