RE: questions -- clarifications requested

> For POST, if the response entity-body, in the language of the spec, 
> "contains the result of the action", and "corresponds to a resource", 
> and the server wishes the result to be able to be cached, then the 
> Location: header is required, as is proper use of Expires, 
> Last-Modified, etc.  If the response entity-body "describes the result 
> of the action", and does not correspond to a resource, then Location: 
> must not be present, and Expires, Last-Modified, etc., relating to 
> caching are not allowed.

I wouldn't trust an "Expires" that didn't actually come along with the
document being served. There's a security hole otherwise; Joe
'Microsoft-is-Evil' might put up a form <click here> that returns

================================================================
Location: http://www.microsoft.com
Expires: 01 Jan 2001 12:00:00 pST

<body>I am the evil Borg.</body>
================================================================


Why don't we leave it as 'Can't cache POST' and not bother gilding
this particular lily?

Received on Wednesday, 30 August 1995 16:27:05 UTC