W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: Issues-list item "CACHING-CGI"

From: Roy T. Fielding <fielding@kiwi.ICS.UCI.EDU>
Date: Tue, 15 Apr 1997 21:19:30 -0700
To: Jeffrey Mogul <mogul@pa.dec.com>
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <9704152119.aa21555@paris.ics.uci.edu>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/3063
>The question here is "when should a cache store and reuse a response
>from a CGI script?".

CGI is no different than any other part of the server.  I think it
is a mistake to encode namespace assumptions into the protocol,
particularly when we have already provided a means for origin servers
to explicitly mark something as non-cachable.

>   We note one exception to this rule: since some applications have
>   traditionally used GETs and HEADs with query URLs (those containing a
>   "?" in the rel_path part) to perform operations with significant side
>   effects, caches MUST NOT treat responses to such URLs as fresh unless
>   the server provides an explicit expiration time. This specifically
>   means that responses from HTTP/1.0 servers for such URIs should not
>   be taken from a cache. See section 9.1.1 for related information.

I would prefer to delete the above from the spec.

>[9.1.1 defines "safe methods".]
>I propose adding this to the end of section 13.9:
>	Note that some HTTP/1.0 cache operators have found that it is
>	dangerous to cache responses to requests for URLs including the
>	string "cgi-bin".  HTTP/1.1 caches should follow this practice
>	for responses that do not include an explicit expiration time.
>	HTTP/1.1 origin servers that want to allow caching of responses
>	for URLs including "?" or "cgi-bin" SHOULD include an explicit
>	expiration time.  Explicit expiration times may be specified
>	using Expires, or the max-age directive of Cache-Control, or
>	both.

I think it is a bad idea -- whether or not a resource is based on
a script has nothing to do with its cachability.  If we need a backwards
way to protect against old CGI scripts, then use the Last-Modified 
distinction that Ari mentioned.

Received on Tuesday, 15 April 1997 21:22:15 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:19 UTC