- From: Matthew Kerwin <matthew@kerwin.net.au>
- Date: Mon, 29 Sep 2014 14:16:31 +1000
- To: Sandro Hawke <sandro@w3.org>
- Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CACweHNDvFR66U_K2hf3tXL81BeW+0JfHZYk6i+izwQO6Bh0Fww@mail.gmail.com>
On 29 September 2014 13:54, Sandro Hawke <sandro@w3.org> wrote: > On 09/28/2014 07:13 PM, Matthew Kerwin wrote: > > > ​If it's 200 you have to be careful to set the cache control headers > etc. so that intermediate caches don't screw things up. > > > It sounds like you don't trust the Vary: Prefer to do its job. Are you > just being cautious, or is there reason to think Vary doesn't actually work > (or perhaps that I'm misunderstanding what it does). > ​ > ​ > I'm not entirely trusting, no. It might be paranoia, but it might also come from random interactions with HTTP/1.0 proxies in the wild. I still send Pragma headers, too. :\ <snip> > Yes, there's a lot to be said for this design (sending 303 and a body), if > it would work. I only have it second hand that it doesn't work, so I > don't even know the original source of my claim that it doesn't. > > That's definitely the crux, then. Whichever failure mode is more likely (poisoning caches in spite of Vary, vs. stripping body of 303) is the one that should be handled by default. I'd be doing a survey here, and some field tests, to inform the decision. How about adding a(n optional?) response status code parameter to the preference: Prefer:get-other=200 vs Prefer:get-other=303, with the default (if any) going to whichever case you think is more likely. That way you can get around/through known-bad proxies if you want. Also: sorry for just thinking of yet another name for the preference, I can't remember what the current front-runner is, to use that. -- Matthew Kerwin http://matthew.kerwin.net.au/
Received on Monday, 29 September 2014 04:17:00 UTC