- From: <http-wg@cuckoo.hpl.hp.com>
- Date: Wed, 16 Apr 1997 11:54:48 +0100
- To: mogul@pa.dec.com
- Cc: http-wg@cuckoo.hpl.hp.com
>The question here is "when should a cache store and reuse a response >from a CGI script?". CGI is no different than any other part of the server. I think it is a mistake to encode namespace assumptions into the protocol, particularly when we have already provided a means for origin servers to explicitly mark something as non-cachable. > We note one exception to this rule: since some applications have > traditionally used GETs and HEADs with query URLs (those containing a > "?" in the rel_path part) to perform operations with significant side > effects, caches MUST NOT treat responses to such URLs as fresh unless > the server provides an explicit expiration time. This specifically > means that responses from HTTP/1.0 servers for such URIs should not > be taken from a cache. See section 9.1.1 for related information. I would prefer to delete the above from the spec. >[9.1.1 defines "safe methods".] > >I propose adding this to the end of section 13.9: > > Note that some HTTP/1.0 cache operators have found that it is > dangerous to cache responses to requests for URLs including the > string "cgi-bin". HTTP/1.1 caches should follow this practice > for responses that do not include an explicit expiration time. > HTTP/1.1 origin servers that want to allow caching of responses > for URLs including "?" or "cgi-bin" SHOULD include an explicit > expiration time. Explicit expiration times may be specified > using Expires, or the max-age directive of Cache-Control, or > both. I think it is a bad idea -- whether or not a resource is based on a script has nothing to do with its cachability. If we need a backwards way to protect against old CGI scripts, then use the Last-Modified distinction that Ari mentioned. .....Roy
Received on Wednesday, 16 April 1997 04:25:28 UTC