- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Tue, 05 Feb 2008 15:08:34 +0100
- To: David Morris <dwm@xpasc.com>
- Cc: ietf-http-wg@w3.org
- Message-Id: <1202220514.17924.69.camel@hlaptop>
mån 2008-02-04 klockan 21:37 -0800 skrev David Morris: > I don't have the bandwidth at the moment to check, but the same should be > true if the response contains do not cache ... neither the request nor the > response may be cached. It's not. no-cache still allows caches to store the response/request. Response directive no-cache is pretty much the same as max-age=0, must-revalidate. Request directive no-cache just says that a cache may not be used to satisfy this request. It says nothing about how the response is to be handled. Wording is a bit dim on this in the definition of no-cache where only the response directive semantics is considered, but is clarified later on in "Cache Revalidation and Reload Controls" no-store on the other hand says that neither the request ot it's response may be permanently stored in a cache, or that the cache should at least make best effort to permanently erase any data carried in the request and response as soon as possible after completion. no-store is explicitly not limited to responses as also the request may carry sensitive information, i.e. as part of a PUT/POST request. But it gets a little wierd talking about caches in this context. What is really meant all processing agents (not just caches) MUST NOT permanently store the carried request or response entity, not limited to just caches.. But there is no good term for this so "cache" is used as the closest matching term. Storing of the request may occur as part of request forwarding. Quite noticeably if for example scanning PUT request for viruses. This isn't really a cache, but the no-store directive still applies. There is also a request history cache in most user-agents where the directive should apply. It's somewhat unclear to me if a no-store request directive also implies no-cache, or if the request may still be satisfied with a priorly cached entity. But I guess from the description of no-store that it may still be satisfied by a cached entity unless combined with no-cache as it only talks about storing information from this request/response for security/privacy reasons, not how the request may be satisfied. Regards Henrik
Received on Tuesday, 5 February 2008 14:10:30 UTC