- From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
- Date: Thu, 11 Jan 1996 10:50:49 -0800
- To: Jeffrey Mogul <mogul@pa.dec.com>
- Cc: http-caching@pa.dec.com
> Can I take it that we have a consensus on this: > > Cache-control: public > means that a response including an Authorization: header > may be returned from a cache entry, overriding the > restriction of Section 10.6. Actually, it is "a response to a request which included an Authorization header field" -- the restriction in 10.6 would need to be updated. > with the understanding that as the HTTP security model evolves, > we may need to extend or modify this? I suppose, but I can't think of any security model that would change it. > With that in the specification, what (if any) meaning is is > left for "Cache-control: cachable"? That is, how does a response > containing this directive differ from a response not containing > it? Does "Cache-control: cachable" override other "do not cache" > parts of the spec (other than section 10.6)? Or was this the only > intended purpose? "public" would replace "cachable" -- it is simply a better name. I think it would also override the non-cachable default on methods other than GET and HEAD -- the current wording in draft 00 is too restrictive in the method sections. .....Roy
Received on Thursday, 11 January 1996 19:19:31 UTC