>The question here is "when should a cache store and reuse a response >from a CGI script?". CGI is no different than any other part of the server. I think it is a mistake to encode namespace assumptions into the protocol, particularly when we have already provided a means for origin servers to explicitly mark something as non-cachable. > We note one exception to this rule: since some applications have > traditionally used GETs and HEADs with query URLs (those containing a > "?" in the rel_path part) to perform operations with significant side > effects, caches MUST NOT treat responses to such URLs as fresh unless > the server provides an explicit expiration time. This specifically > means that responses from HTTP/1.0 servers for such URIs should not > be taken from a cache. See section 9.1.1 for related information. I would prefer to delete the above from the spec. >[9.1.1 defines "safe methods".] > >I propose adding this to the end of section 13.9: > > Note that some HTTP/1.0 cache operators have found that it is > dangerous to cache responses to requests for URLs including the > string "cgi-bin". HTTP/1.1 caches should follow this practice > for responses that do not include an explicit expiration time. > HTTP/1.1 origin servers that want to allow caching of responses > for URLs including "?" or "cgi-bin" SHOULD include an explicit > expiration time. Explicit expiration times may be specified > using Expires, or the max-age directive of Cache-Control, or > both. I think it is a bad idea -- whether or not a resource is based on a script has nothing to do with its cachability. If we need a backwards way to protect against old CGI scripts, then use the Last-Modified distinction that Ari mentioned. .....RoyReceived on Wednesday, 16 April 1997 04:25:28 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:34 EDT