- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Tue, 08 Jun 2010 09:08:45 +0200
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
mån 2010-06-07 klockan 19:40 -0700 skrev Roy T. Fielding: > Wouldn't it be easier to just say Authorization implies > "Cache-control: private" unless explicitly given otherwise? What is "explicitly given otherwise"? There is no directive which explicitly negates private. Cache-Control directives all adds up to the status of the response, restricting the bounds of caching or softly extending it. There technically is no conflict in "Cache-Control: private, public, s-maxage=100000" even if the "public, s-maxage=100000" part is redundant. (private MUST NOT, public/s-max-age MAY) I don't see how to get out of this without explicitly stating which directives overrides the implicit "private". And referencing to the authenticated state as an implicit "private" only adds confusion I think, reducing the meaning of MUST NOT unless worded carefully. Regards Henrik
Received on Tuesday, 8 June 2010 07:48:40 UTC