- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 24 Jun 2012 20:30:59 +0200
- To: Mark Nottingham <mnot@mnot.net>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 2012-06-19 08:11, Julian Reschke wrote: > ... In the meantime, we have opened and resolved issue #361, by adding text that requires recipients to process all syntax variations allowed by the ABNF (see <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1682>). With that, I'd like to go back to this issue; here's the text I proposed before we discussed #361, with a few inline comments prefixed "JR:". 3.2. Cache-Control The "Cache-Control" header field is used to specify directives for caches along the request/response chain. Such cache directives are unidirectional in that the presence of a directive in a request does not imply that the same directive is to be given in the response. A cache MUST obey the requirements of the Cache-Control directives defined in this section. See Section 3.2.3 for information about how Cache-Control directives defined elsewhere are handled. Note: HTTP/1.0 caches might not implement Cache-Control and might only implement Pragma: no-cache (see Section 3.4). A proxy, whether or not it implements a cache, MUST pass cache directives through in forwarded messages, regardless of their significance to that application, since the directives might be applicable to all recipients along the request/response chain. It is not possible to target a directive to a specific cache. JR: text below is new: Cache directives are identified by a token, to be compared case- insensitively, and have an optional argument, that can use both token and quoted-string syntax. For the directives defined below that define arguments, recipients ought to accept both forms, even if one is documented to be preferred. For any directive not defined by this specification, recipients MUST accept both forms. Cache-Control = 1#cache-directive cache-directive = token [ "=" ( token / quoted-string ) ] For the cache directives defined below, no argument is defined (nor allowed) otherwise stated otherwise. JR: I believe Mark wasn't happy with: "For any directive not defined by this specification, recipients MUST accept both forms." Given what we did for issue #361, this would now repeat what we said about recipient requirements based on the ABNF. I still think it's good to state, because previously the ABNF was ambigouos; for instance, max-age=5 would have two ABNF paths match (as both "max-age" and "cache-extension"), while max-age="5" would match just "cache-extension", and the spec didn't really say what that means. We need to address this problem for the existing directives, and SHOULD avoid it for new directives; this proposal is my attempt to do so). JR: remaining text is almost the same; except for the introduction of subsections, ABNF for parameter values, and notes about the "preferred" notation. 3.2.1. Request Cache-Control Directives 3.2.1.1. no-cache The no-cache request directive indicates that a cache MUST NOT use a stored response to satisfy the request without successful validation on the origin server. 3.2.1.2. no-store The no-store request directive indicates that a cache MUST NOT store any part of either this request or any response to it. This directive applies to both private and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best- effort attempt to remove the information from volatile storage as promptly as possible after forwarding it. This directive is NOT a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping. Note that if a request containing this directive is satisfied from a cache, the no-store request directive does not apply to the already stored response. 3.2.1.3. max-age Argument syntax: delta-seconds (see Section 1.5) The max-age request directive indicates that the client is unwilling to accept a response whose age is greater than the specified number of seconds. Unless the max-stale request directive is also present, the client is not willing to accept a stale response. Note: This directive uses the token form of the argument syntax; e.g., 'max-age=5', not 'max-age="5"'. Senders SHOULD NOT use the quoted-string form. 3.2.1.4. max-stale Argument syntax: delta-seconds (see Section 1.5) The max-stale request directive indicates that the client is willing to accept a response that has exceeded its expiration time. If max- stale is assigned a value, then the client is willing to accept a response that has exceeded its expiration time by no more than the specified number of seconds. If no value is assigned to max-stale, then the client is willing to accept a stale response of any age. Note: This directive uses the token form of the argument syntax; e.g., 'max-stale=10', not 'max-stale="10"'. Senders SHOULD NOT use the quoted-string form. 3.2.1.5. min-fresh Argument syntax: delta-seconds (see Section 1.5) The min-fresh request directive indicates that the client is willing to accept a response whose freshness lifetime is no less than its current age plus the specified time in seconds. That is, the client wants a response that will still be fresh for at least the specified number of seconds. Note: This directive uses the token form of the argument syntax; e.g., 'min-fresh=20', not 'min-fresh="20"'. Senders SHOULD NOT use the quoted-string form. 3.2.1.6. no-transform The no-transform request directive indicates that an intermediary (whether or not it implements a cache) MUST NOT change the Content- Encoding, Content-Range or Content-Type request header fields, nor the request representation. 3.2.1.7. only-if-cached The only-if-cached request directive indicates that the client only wishes to obtain a stored response. If it receives 3ive, a cache SHOULD either respond using a stored response that is consistent with the other constraints of the request, or respond with a 504 (Gateway Timeout) status code. If a group of caches is being operated as a unified system with good internal connectivity, a member cache MAY forward such a request within that group of caches. 3.2.2. Response Cache-Control Directives 3.2.2.1. public The public response directive indicates that a response whose associated request contains an 'Authentication' header MAY be stored (see Section 2.7). 3.2.2.2. private Argument syntax: #field-name The private response directive indicates that the response message is intended for a single user and MUST NOT be stored by a shared cache. A private cache MAY store the response. If the private response directive specifies one or more field-names, this requirement is limited to the field-values associated with the listed response header fields. That is, a shared cache MUST NOT store the specified field-names(s), whereas it MAY store the remainder of the response message. The field-names given are not limited to the set of standard header fields defined by this specification. Field names are case- insensitive. Note: This usage of the word "private" only controls where the response can be stored; it cannot ensure the privacy of the message content. Also, private response directives with field-names are often handled by implementations as if an unqualified private directive was received; i.e., the special handling for the qualified form is not widely implemented. Note: This directive uses the quoted-string form of the argument syntax. Senders SHOULD NOT use the token form (even if quoting appears not to be needed for single-entry lists). 3.2.2.3. no-cache Argument syntax: #field-name The no-cache response directive indicates that the response MUST NOT be used to satisfy a subsequent request without successful validation on the origin server. This allows an origin server to prevent a cache from using it to satisfy a request without contacting it, even by caches that have been configured to return stale responses. If the no-cache response directive specifies one or more field-names, then a cache MAY use the response to satisfy a subsequent request, subject to any other restrictions on caching. However, any header fields in the response that have the field-name(s) listed MUST NOT be sent in the response to a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent the re-use of certain header fields in a response, while still allowing caching of the rest of the response. The field-names given are not limited to the set of standard header fields defined by this specification. Field names are case- insensitive. Note: Most HTTP/1.0 caches will not recognize or obey this directive. Also, no-cache response directives with field-names are often handled by implementations as if an unqualified no-cache directive was received; i.e., the special handling for the qualified form is not widely implemented. Note: This directive uses the quoted-string form of the argument syntax. Senders SHOULD NOT use the token form (even if quoting appears not to be needed for single-entry lists). 3.2.2.4. no-store The no-store response directive indicates that a cache MUST NOT store any part of either the immediate request or response. This directive applies to both private and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it. This directive is NOT a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping. 3.2.2.5. must-revalidate The must-revalidate response directive indicates that once it has become stale, a cache MUST NOT use the response to satisfy subsequent requests without successful validation on the origin server. The must-revalidate directive is necessary to support reliable operation for certain protocol features. In all circumstances a cache MUST obey the must-revalidate directive; in particular, if a cache cannot reach the origin server for any reason, it MUST generate a 504 (Gateway Timeout) response. The must-revalidate directive ought to be used by servers if and only if failure to validate a request on the representation could result in incorrect operation, such as a silently unexecuted financial transaction. 3.2.2.6. proxy-revalidate The proxy-revalidate response directive has the same meaning as the must-revalidate response directive, except that it does not apply to private caches. 3.2.2.7. max-age Argument syntax: delta-seconds (see Section 1.5) The max-age response directive indicates that the response is to be considered stale after its age is greater than the specified number of seconds. Note: This directive uses the token form of the argument syntax; e.g., 'max-age=5', not 'max-age="5"'. Senders SHOULD NOT use the quoted-string form. 3.2.2.8. s-maxage Argument syntax: delta-seconds (see Section 1.5) The s-maxage response directive indicates that, in shared caches, the maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header field. The s-maxage directive also implies the semantics of the proxy-revalidate response directive. Note: This directive uses the token form of the argument syntax; e.g., 's-maxage=10', not 's-maxage="10"'. Senders SHOULD NOT use the quoted-string form. 3.2.2.9. no-transform The no-transform response directive indicates that an intermediary (regardless of whether it implements a cache) MUST NOT change the Content-Encoding, Content-Range or Content-Type response header fields, nor the response representation. Best regards, Julian
Received on Sunday, 24 June 2012 18:31:42 UTC