Re: NEW: #235: Cache Invalidation only happens upon successful responses

Roy, what's your precise definition of successful? 2xx, or 2xx + 3xx?

E.g., 303 See Other seems like it's squarely within the intent of cache invalidation, since Location is included.


On 26/07/2010, at 11:33 PM, Roy T. Fielding wrote:

> On Jul 25, 2010, at 8:19 AM, Moore, Jonathan wrote:
>> By successful response, do you mean "received a response successfully" or "received a response with a 2xx response code"? If the former, I think I'd agree, but if the latter, there are definitely non-2xx response codes that would still give an indication that a cached entry wasn't valid anymore (for example, a 404).
> No, it must be a success response from the origin server.  No other response
> indicates that the cached GET is invalid because the origin server may use
> various error responses to deal with authenticatiin problems on the
> part of an attacker.
> ....Roy

Mark Nottingham

Received on Monday, 18 October 2010 04:29:01 UTC