- From: Roy T. Fielding <fielding@kiwi.ICS.UCI.EDU>
- Date: Tue, 15 Apr 1997 21:19:30 -0700
- To: Jeffrey Mogul <mogul@pa.dec.com>
- Cc: http-wg@cuckoo.hpl.hp.com
>The question here is "when should a cache store and reuse a response >from a CGI script?". CGI is no different than any other part of the server. I think it is a mistake to encode namespace assumptions into the protocol, particularly when we have already provided a means for origin servers to explicitly mark something as non-cachable. > We note one exception to this rule: since some applications have > traditionally used GETs and HEADs with query URLs (those containing a > "?" in the rel_path part) to perform operations with significant side > effects, caches MUST NOT treat responses to such URLs as fresh unless > the server provides an explicit expiration time. This specifically > means that responses from HTTP/1.0 servers for such URIs should not > be taken from a cache. See section 9.1.1 for related information. I would prefer to delete the above from the spec. >[9.1.1 defines "safe methods".] > >I propose adding this to the end of section 13.9: > > Note that some HTTP/1.0 cache operators have found that it is > dangerous to cache responses to requests for URLs including the > string "cgi-bin". HTTP/1.1 caches should follow this practice > for responses that do not include an explicit expiration time. > HTTP/1.1 origin servers that want to allow caching of responses > for URLs including "?" or "cgi-bin" SHOULD include an explicit > expiration time. Explicit expiration times may be specified > using Expires, or the max-age directive of Cache-Control, or > both. I think it is a bad idea -- whether or not a resource is based on a script has nothing to do with its cachability. If we need a backwards way to protect against old CGI scripts, then use the Last-Modified distinction that Ari mentioned. .....Roy
Received on Tuesday, 15 April 1997 21:22:15 UTC