#197: Effect of CC directives on history lists

Reporter:  mnot@pobox.com      |       Owner:
     Type:  design              |      Status:  new
Priority:  normal              |   Milestone:  unassigned
Component:  p6-cache            |     Version:  00-draft
Severity:  Active WG Document  |    Keywords:
   Origin:                      |
Several browser vendors do or will soon respect CC: no-store and CC: max-age=0, must-revalidate for the purposes of history lists, because they see storing some responses in the history list as a security concern (e.g., something with credit card numbers on it).

However, 2616 says that a cache and a history list are separate, and that history lists should not unnecessarily prevent users from viewing stale resources.

This is vague; the wording here implies that the history list has the same store as the cache, even though they are almost always implemented separately, as the history list needs to incorporate browser-side state as well as resource state.

This section needs to be revised, and furthermore some means of control over the history list needs to be provided; either

  1. CC: no-store (and possibly other) directives apply to history lists as well, or
  2. Some other history-specific directives need to be minted (out of scope for HTTPbis, but it can be discussed on-list)

See also:

Ticket URL: <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/197>
httpbis <http://tools.ietf.org/wg/httpbis/>

Mark Nottingham     http://www.mnot.net/

Received on Thursday, 17 September 2009 02:04:05 UTC