- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Wed, 10 Jan 96 14:37:57 PST
- To: "Roy T. Fielding" <fielding@avron.ICS.UCI.EDU>
- Cc: http-caching@pa.dec.com
> I therefore propose (again, I also did this somewhere in the summer) a
>
> Cache-control: public
>
> response header that could be used to override the restriction in
> Section 10.6.
Why not just use the existing options:
Cache-control: cachable
or
Cache-control: private
Hmmm, come to think of it, "public" would be better than "cachable"
in any case.
Can I take it that we have a consensus on this:
Cache-control: public
means that a response including an Authorization: header
may be returned from a cache entry, overriding the
restriction of Section 10.6.
with the understanding that as the HTTP security model evolves,
we may need to extend or modify this?
With that in the specification, what (if any) meaning is is
left for "Cache-control: cachable"? That is, how does a response
containing this directive differ from a response not containing
it? Does "Cache-control: cachable" override other "do not cache"
parts of the spec (other than section 10.6)? Or was this the only
intended purpose?
-Jeff
Received on Wednesday, 10 January 1996 23:00:58 UTC