- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 8 Jun 2010 11:33:34 +1000
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Duane Wessels <wessels@packet-pushers.com>, JeffMogul@acm.org
I haven't heard any comment on this proposal. I *think* it accurately reflects what's in 2616, and AFAICT from the history, what's in 2616 was intentional. Thoughts? On 02/06/2010, at 2:54 PM, Mark Nottingham wrote: > > Counter-proposal: > > Add a new section to p6: > > ---8<--- > Shared Caching of Authenticated Responses > > Shared caches MUST NOT use a cached response to a request with an Authorization [ref] header to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response. > > In this specification, the following Cache-Control response directives [ref] have such an effect: must-revalidate, public, s-maxage. > > Note that cached responses that contain the "must-revalidate" and/or "s-maxage" response directives are not allowed to be served stale [ref] by shared caches. In particular, a response with either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to satisfy a subsequent request without revalidating it on the origin server. > --->8--- > > ... with appropriate changes to p6 2.1, 2.2, as well as the definitions of the Auth header and appropriate CC directives. -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 8 June 2010 01:34:03 UTC