- From: Paul Leach <paulle@microsoft.com>
- Date: Wed, 30 Jul 1997 18:55:42 -0700
- To: jg@w3.org, mogul@pa.dec.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, "'frystyk@w3.org'" <frystyk@w3.org>
> ---------- > Change section 13.10, 4th paragraph from > > Some HTTP methods may invalidate an entity. This is either > the entity referred to by the Request-URI, or by the Location > or Content-Location response-headers (if present). > These methods are: > > o PUT > o DELETE > o POST > > In order to prevent denial of service attacks, an invalidation > based on the URI in a Location or Content-Location header MUST > only be performed if the host part is the same as in the > Request-URI. > > to > > All non-idempotent methods SHOULD invalidate a cached entity > identified either by the Request-URI, or by a Content-Location > header (if present). > > In order to prevent denial of service attacks, an invalidation > based on the URI in Content-Location header MUST only be > performed if the host part is the same as in the Request-URI. > This would be wrong. PUT is idempotent, as is DELETE, and both of them need to invalidate what is in the Request-URI, or Content-Location header (if present).
Received on Wednesday, 30 July 1997 18:57:44 UTC