Re: Headers vs Response Code for 2NN Contents Of Related

On 29 September 2014 13:54, Sandro Hawke <> wrote:

>  On 09/28/2014 07:13 PM, Matthew Kerwin wrote:
>  ​If it's 200 you have to be careful to set the cache control headers
> etc. so that intermediate caches don't screw things up.
> It sounds like you don't trust the Vary: Prefer to do its job.    Are you
> just being cautious, or is there reason to think Vary doesn't actually work
> (or perhaps that I'm misunderstanding what it does).
> ​
> ​

I'm not entirely trusting, no. It might be paranoia, but it might also come
from random interactions with HTTP/1.0 proxies in the wild. I still send
Pragma headers, too. :\


> Yes, there's a lot to be said for this design (sending 303 and a body), if
> it would work.    I only have it second hand that it doesn't work, so I
> don't even know the original source of my claim that it doesn't.
That's definitely the crux, then. Whichever failure mode is more likely
(poisoning caches in spite of Vary, vs. stripping body of 303) is the one
that should be handled by default. I'd be doing a survey here, and some
field tests, to inform the decision.

How about adding a(n optional?) response status code parameter to the
preference: Prefer:get-other=200 vs Prefer:get-other=303, with the default
(if any) going to whichever case you think is more likely. That way you can
get around/through known-bad proxies if you want. Also: sorry for just
thinking of yet another name for the preference, I can't remember what the
current front-runner is, to use that.

  Matthew Kerwin

Received on Monday, 29 September 2014 04:17:00 UTC