- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Wed, 30 Aug 1995 16:24:24 PDT
- To: paulle@microsoft.com
- Cc: sjk@amazon.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> For POST, if the response entity-body, in the language of the spec,
> "contains the result of the action", and "corresponds to a resource",
> and the server wishes the result to be able to be cached, then the
> Location: header is required, as is proper use of Expires,
> Last-Modified, etc. If the response entity-body "describes the result
> of the action", and does not correspond to a resource, then Location:
> must not be present, and Expires, Last-Modified, etc., relating to
> caching are not allowed.

I wouldn't trust an "Expires" that didn't actually come along with the
document being served. There's a security hole otherwise; Joe
'Microsoft-is-Evil' might put up a form <click here> that returns

================================================================
Location: http://www.microsoft.com
Expires: 01 Jan 2001 12:00:00 pST

<body>I am the evil Borg.</body>
================================================================

Why don't we leave it as 'Can't cache POST' and not bother gilding
this particular lily?
Received on Wednesday, 30 August 1995 16:27:05 UTC
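
The concern raised in the message above, as an added example that is not part of the original thread: a cache-side check that refuses to store a POST response under a Location: URL the responding server does not itself serve. The function names, the same-origin rule and the sample URLs are assumptions of this example, not something the message or the HTTP draft specifies.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for an absolute URL, or None if it is not one."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    scheme = parts.scheme.lower()
    try:
        port = parts.port
    except ValueError:              # malformed port: treat as unusable
        return None
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS.get(scheme))

def cache_key_for_response(method, request_url, headers):
    """Return the URL a response may be stored under, or None if it must not be cached.

    Assumed policy for this example: a POST response is only stored under its
    Location: URL when that URL has the same origin as the URL that was POSTed to.
    """
    method = method.upper()
    if method == "GET":
        return request_url          # entity came from the URL that was asked for
    if method != "POST":
        return None
    location = headers.get("Location")
    if location is None:
        return None                 # nothing names a resource to key the entry on
    req, loc = origin(request_url), origin(location)
    if req is None or loc is None or req != loc:
        return None                 # responder is vouching for someone else's URL
    return location

# Constructed sample: the response from the message, served by an unrelated host.
FOREIGN_RESPONSE = {
    "Location": "http://www.microsoft.com",
    "Expires": "01 Jan 2001 12:00:00 PST",
}
# Constructed sample: a server naming a resource on its own origin.
OWN_RESPONSE = {"Location": "http://shop.example/orders/17"}

if __name__ == "__main__":
    print(cache_key_for_response("POST", "http://joe.example/form", FOREIGN_RESPONSE))
    print(cache_key_for_response("POST", "http://shop.example/order", OWN_RESPONSE))
```
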