W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2004

Re: Question about Content-Location

From: Koen Holtman <k.holtman@chello.nl>
Date: Thu, 17 Jun 2004 18:10:04 -0400 (EDT)
To: Joris Dobbelsteen <joris.dobbelsteen@mail.com>
Cc: WWW WG <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.44.0406172357150.2426-100000@f10112.upc-f.chello.nl>

Hi Joris,

On Wed, 16 Jun 2004, Joris Dobbelsteen wrote:
> A slight question about the Content-Location header and its impact on
> caching. I don't know whether I'm interpreting the RFC text correctly...
> I request the root page "/",
> Which returns "Content-Location: /Default.aspx"

I'm assuming that you mean that the root page returns a 200 response, not
a redirect.  (A Content-location in a redirect would be somewhat unusual,
the redirect usually has a Location only.  If the response you have in 
mind _is_ a redirect, actually my answer below also applies)

> Would the proxy new threat "/" and "/Default.aspx" are the same locations?
> Or should it rather keep these two seperately and create/update both "/" and
> "/Default.aspx" in the cache?

No, the proxy should treat them as different locations and create/update 
separately.  From rfc2616:

 A cache cannot assume that an entity with a Content-Location different 
 from the URI used to retrieve it can be used to respond to later requests 
 on that Content-Location URI. 

Basically, this rule is there for security reasons.  A cache cannot know
(and should never assume) that the URLs http://website/Default.aspx and
http://website/ are under the control of the same author.  If it would
falsely assume this, then the author of Default.aspx can spoof the
contents of http://website/ for all users of the cache.

> This is because users like to type
> http://website/
> And my pages refer to the home page as
> http://website/Default.aspx
> Thanks,
> - Joris

Received on Thursday, 17 June 2004 18:25:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:37 UTC