- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Tue, 15 Apr 97 17:12:15 MDT
- To: http-wg@cuckoo.hpl.hp.com
According to my notes from the Memphis meeting, I agreed to draft a clarification for the spec, in response to this item. The reference from the Issues List is to a message I wrote in December: http://www.ics.uci.edu/pub/ietf/http/hypermail/1996q4/0363.html The question here is "when should a cache store and reuse a response from a CGI script?". I'm not sure that the HTTP/1.1 specification needs to say much more about this ... but since it apparently was not sufficiently clear to at least some readers, I'll propose an editorial change. Currently, in section 13.9 (Side Effects of GET and HEAD) reads, in its entirety: Unless the origin server explicitly prohibits the caching of their responses, the application of GET and HEAD methods to any resources SHOULD NOT have side effects that would lead to erroneous behavior if these responses are taken from a cache. They may still have side effects, but a cache is not required to consider such side effects in its caching decisions. Caches are always expected to observe an origin server's explicit restrictions on caching. We note one exception to this rule: since some applications have traditionally used GETs and HEADs with query URLs (those containing a "?" in the rel_path part) to perform operations with significant side effects, caches MUST NOT treat responses to such URLs as fresh unless the server provides an explicit expiration time. This specifically means that responses from HTTP/1.0 servers for such URIs should not be taken from a cache. See section 9.1.1 for related information. [9.1.1 defines "safe methods".] I propose adding this to the end of section 13.9: Note that some HTTP/1.0 cache operators have found that it is dangerous to cache responses to requests for URLs including the string "cgi-bin". HTTP/1.1 caches should follow this practice for responses that do not include an explicit expiration time. HTTP/1.1 origin servers that want to allow caching of responses for URLs including "?" or "cgi-bin" SHOULD include an explicit expiration time. Explicit expiration times may be specified using Expires, or the max-age directive of Cache-Control, or both. -Jeff P.S.: I base the first sentence in the note on the sample configuration file distributed with a recent version of the Squid cache software. If this is actually contrary to normal practice, someone should say so.
Received on Tuesday, 15 April 1997 17:23:44 UTC