RE: questions -- clarifications requested

From: Larry Masinter <masinter@parc.xerox.com>
Date: Wed, 30 Aug 1995 16:24:24 PDT
To: paulle@microsoft.com
Cc: sjk@amazon.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <95Aug30.162435pdt.2763@golden.parc.xerox.com>

> For POST, if the response entity-body, in the language of the spec, 
> "contains the result of the action", and "corresponds to a resource", 
> and the server wishes the result to be able to be cached, then the 
> Location: header is required, as is proper use of Expires, 
> Last-Modified, etc.  If the response entity-body "describes the result 
> of the action", and does not correspond to a resource, then Location: 
> must not be present, and Expires, Last-Modified, etc., relating to 
> caching are not allowed.

I wouldn't trust an "Expires" that didn't actually come along with the
document being served. There's a security hole otherwise; Joe
'Microsoft-is-Evil' might put up a form <click here> that returns

Location: http://www.microsoft.com
Expires: 01 Jan 2001 12:00:00 PST

<body>I am the evil Borg.</body>

Why don't we leave it as 'Can't cache POST' and not bother gilding
this particular lily?
Received on Wednesday, 30 August 1995 16:27:05 UTC
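
The concern raised in the message above, as an added example that is not part of the original message or of any HTTP implementation: a toy cache that files a POST response under the URL named in its Location header, next to one that follows the "Can't cache POST" policy. The class names, the `forms.example` host and the sample exchanges are constructed assumptions.

```python
from urllib.parse import urlsplit

class NaiveCache:
    """Files a POST response under whatever URL its Location header names."""
    def __init__(self):
        self.store = {}

    def admit(self, method, request_url, headers, body):
        key = request_url
        if method == "POST" and "Location" in headers:
            key = headers["Location"]      # trusts the responder's own claim
        elif method != "GET":
            return None
        self.store[key] = (headers.get("Expires"), body)
        return key

class NoPostCache(NaiveCache):
    """The policy the message proposes: never cache a POST response."""
    def admit(self, method, request_url, headers, body):
        if method != "GET":
            return None
        self.store[request_url] = (headers.get("Expires"), body)
        return request_url

def poisoned_keys(cache, exchanges):
    """Return cache keys whose host is not the host that actually answered."""
    bad = []
    for method, url, headers, body in exchanges:
        key = cache.admit(method, url, headers, body)
        if key and urlsplit(key).netloc != urlsplit(url).netloc:
            bad.append(key)
    return bad

# Constructed traffic: a form page, then the POST response from the message.
# Header names are matched case-sensitively to keep the sketch short.
EXCHANGES = [
    ("GET", "http://forms.example/form.html",
     {"Expires": "01 Jan 1996 12:00:00 PST"}, "<form>click here</form>"),
    ("POST", "http://forms.example/cgi-bin/submit",
     {"Location": "http://www.microsoft.com",
      "Expires": "01 Jan 2001 12:00:00 PST"},
     "<body>I am the evil Borg.</body>"),
]

if __name__ == "__main__":
    print("naive  :", poisoned_keys(NaiveCache(), EXCHANGES))
    print("no-POST:", poisoned_keys(NoPostCache(), EXCHANGES))
```

With the naive cache, the body served by `forms.example` ends up stored under another site's URL with a years-long expiry; the no-POST cache stores only the GET.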