RE: Thanks Re Caching Problem

For MSIE there is reason to believe that the browser will cache documents with: "Cache-Control: no-cache", since MSIE's feature "Work Offline". Maybe that "must-revalidate" is never cached by the browser, since commercial banners usually asked to be retreived from the server when working offline.
It is possible that objects are not retreived from cache when working offline is disabled.

To validate this, you should search of ask Microsoft.

And indeed Roy seems to be right. A HTTP/1.1 proxy/server should not serve requests for HTTP/2.0 or later clients, but may do it for a HTTP/1.9 or HTTP/1.10 request according to the HTTP/1.1 RFC. This is outlined in the RFC. This is one failure of the MS-IIS, that serves HTTP/2.0 or later requests, even though it is only a HTTP/1.1 server. Netscape doesn't do this...
Protocol changes that are not compatible with HTTP/1.x should be HTTP/2.0 and not HTTP/1.2 (or any)...

- Joris

> -----Original Message-----
> From: Fielding, Roy [mailto:fielding@eBuilt.com]
> Sent: Wednesday, 08 November 2000 23:50
> To: 'Tim Coates'; http-wg@cuckoo.hpl.hp.com
> Subject: RE: Thanks Re Caching Problem
> 
> 
> > >From a security end we know that HTTP/1.0 has flaws 
> (especially when you
> > introduce a web browser), but it raises the question of how 
> many proxy
> > server are there which only implement HTTP/1.0. All it 
> seems to takes is a
> > single proxy server for a response to be downgraded, and 
> for the browser
> to
> > receive that downgraded response and (correctly?) ignore 
> any settings that
> > are not associated with the protocol identifier in the 
> response - such as
> > Cache-Control headers.
> 
> Incorrectly.  If a browser supports the Cache-Control header field for
> any HTTP/1.x response, then it should support it for every HTTP/1.x
> response.
> The definition of an HTTP header field is defined by the major number,
> not the minor number.
> 
> ....Roy
> 
>

Received on Thursday, 9 November 2000 15:48:25 UTC