Re: Warning: header, need origin

Koen suggests:

   The presence of ``must-revalidate'' must be seen as a signal by the
   service author that the service of which this resource is a part
   may fail to work correctly if the resource is not revalidated every
   time.  Presence of ``must-revalidate'' instead of ``max-age=0''
   indicates that the service author finds that, in case that
   revalidation is not possible, the return of a 504 (Gateway Timeout)
   error response is more desirable than the showing of an unvalidated
   response from cache with a warning.

   User agents SHOULD NOT disregard ``must-revalidate'' directives,
   except maybe if the user has indicated that there are exceptional
   constraints on the usage of network resources.  Every time the
   revalidation of a response with a ``must-revalidate'' directive
   fails or is omitted, the user agent MUST explicitly warn the user
   of the fact that the service author indicated that this may cause
   the service accessed to work incorrectly.

I think this is basically the right approach, but I'd reword it
to be more prescriptive and somewhat more concise:

    Note: servers should send the ``must-revalidate'' directive if and
    only if failure to revalidate a request on the entity could result
    in significantly incorrect operation, such as a silently unexecuted
    financial transaction.  Recipients MUST not take any automated
    action that violates this directive, and MUST not automatically
    provide an unvalidated copy of the entity if revalidation fails.

    Although this is not recommended, user agents operating under
    severe connectivity constraints may violate this directive but if
    so, MUST explicitly warn the user that an unvalidated response has
    been provided.  The warning MUST be provided on each unvalidated
    access, and SHOULD require explicit user confirmation.

-Jeff

Received on Tuesday, 9 April 1996 22:27:26 UTC