W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

RE: Issue 1310_CACHE

From: Paul Leach <paulle@microsoft.com>
Date: Wed, 30 Jul 1997 18:55:42 -0700
Message-Id: <28347281A2B5CF119AB000805FD4186603740189@RED-77-MSG.dns.microsoft.com>
To: jg@w3.org, mogul@pa.dec.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, "'frystyk@w3.org'" <frystyk@w3.org>


> ----------
> Change section 13.10, 4th paragraph from
> 
>    Some HTTP methods may invalidate an entity. This is either
>    the entity referred to by the Request-URI, or by the Location
>    or Content-Location response-headers (if present).
>    These methods are:
> 
>    o PUT
>    o DELETE
>    o POST
> 
>    In order to prevent denial of service attacks, an invalidation
>    based on the URI in a Location or Content-Location header MUST
>    only be performed if the host part is the same as in the
>    Request-URI.
> 
> to
> 
>    All non-idempotent methods SHOULD invalidate a cached entity
>    identified either by the Request-URI, or by a Content-Location
>    header (if present).
> 
>    In order to prevent denial of service attacks, an invalidation
>    based on the URI in Content-Location header MUST only be
>    performed if the host part is the same as in the Request-URI.
> 
This would be wrong. PUT is idempotent, as is DELETE, and both of them
need to invalidate what is in the Request-URI, or Content-Location
header (if present).
Received on Wednesday, 30 July 1997 18:57:44 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:50 EDT