- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 30 Jan 2013 18:06:17 -0800
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Neither of which is relevant to this discussion of cache control. It is not the recipients job to second guess the origin server. ....Roy On Jan 30, 2013, at 1:37 PM, David Morris <dwm@xpasc.com> wrote: > > > On Wed, 30 Jan 2013, Roy T. Fielding wrote: > >> Yes. Generally speaking, if the origin server puts two mutually >> exclusive directives in the same header field, they want the >> recipient to apply the most lenient one to which they are fully >> compliant (i.e., the same principle we define for extensions). >> >> If the origin server doesn't want that, then it doesn't send public. >> >> I don't see anything vague about it (at least no more vague than the >> concept of caching itself). And keep in mind that this is only a >> MAY for caches: they don't have to cache it; they have permission to. > > Ummm ... that interpretation applied to a conflict in a privacy setting > makes no sense ... a conflcit regarding privacy and/or security must > always be resolved with the most restrictive directive. >
Received on Thursday, 31 January 2013 02:06:48 UTC