- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 18 Oct 2010 15:28:30 +1100
- To: Roy T. Fielding <fielding@gbiv.com>
- Cc: "Moore, Jonathan" <jonathan_moore@comcast.com>, HTTP Working Group <ietf-http-wg@w3.org>
Roy, what's your precise definition of successful? 2xx, or 2xx + 3xx? E.g., 303 See Other seems like it's squarely within the intent of cache invalidation, since Location is included. Cheers, On 26/07/2010, at 11:33 PM, Roy T. Fielding wrote: > On Jul 25, 2010, at 8:19 AM, Moore, Jonathan wrote: > >> By successful response, do you mean "received a response successfully" or "received a response with a 2xx response code"? If the former, I think I'd agree, but if the latter, there are definitely non-2xx response codes that would still give an indication that a cached entry wasn't valid anymore (for example, a 404). > > No, it must be a success response from the origin server. No other response > indicates that the cached GET is invalid because the origin server may use > various error responses to deal with authenticatiin problems on the > part of an attacker. > > ....Roy > > -- Mark Nottingham http://www.mnot.net/
Received on Monday, 18 October 2010 04:29:01 UTC