- From: Erik Witt <erik.witt@baqend.com>
- Date: Tue, 15 Nov 2022 11:02:56 +0100
- To: ietf-http-wg@w3.org
- Message-ID: <CALN_VUAA7X_Eh+w8mrV=88MmU-XWJYG2MZHB7tJcnc_TOcJFrQ@mail.gmail.com>

Hi everyone!

I have a quick question on how to interpret the HTTP Caching <https://httpwg.org/specs/rfc9111.html#rfc.iref.c.3> spec. I sent this question a week ago, but I think it was blocked because I wasn't subscribed to the list at the time - so I hope this is not a duplicate.

To the question: Is it allowed for a CDN to collapse requests and then send responses that are marked as private in the cache control header to different users (also including potential set-cookie headers)? We have seen this behaviour on HTML requests in the past and were wondering if the spec forbids it.

The sections we found relevant to the question were:

* section 4 <https://httpwg.org/specs/rfc9111.html#constructing.responses.from.caches> saying "A cache can use a response *that is stored or storable* to satisfy multiple requests, provided that it is *allowed to reuse* that response for the requests in question. This enables a cache to collapse requests — or combine multiple incoming requests into a single forward request upon a cache miss — thereby reducing load on the origin server and network."
* section 5.2.2.7 <https://httpwg.org/specs/rfc9111.html#cache-response-directive.private> about the private directive saying "The unqualified private response directive indicates that a shared cache *MUST NOT store* the response (i.e., the response *is intended for a single user*)." But at the same time "Note: This usage of the word "private" only controls where the response can be stored; *it cannot ensure the privacy of the message content*".

Could you help me with that question?

Best
Erik

--
*Erik Witt*
VP Product
*Contact*
Phone: +49 176 47156597
Email: erik.witt@speedkit.com
Web: speedkit.com <https://www.speedkit.com/>
Baqend GmbH · Stresemannstraße 23 · 22769 Hamburg

Received on Tuesday, 15 November 2022 10:03:23 UTC
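
A conservative reading of the two passages quoted in the message above, written as an added example (it is not part of the original message, the spec, or any CDN's code): a shared cache fans a collapsed response out to other waiting requests only when the response is storable for it. Assumptions: `parse_cache_control` and `collapse_decision` are hypothetical names, only the `private` and `no-store` directives are modelled (the other storage conditions of RFC 9111 are not), and the qualified `private="field"` form comes from the same section 5.2.2.7 but is not quoted in the message.

```python
import re

# Simplified Cache-Control grammar: name, optionally =token or ="quoted string".
_DIRECTIVE = re.compile(r'([\w-]+)(?:\s*=\s*(?:"([^"]*)"|([^\s,]*)))?')


def parse_cache_control(value):
    """Return {directive: argument or None}; directive names are lower-cased."""
    directives = {}
    for m in _DIRECTIVE.finditer(value):
        arg = m.group(2) if m.group(2) is not None else m.group(3)
        directives[m.group(1).lower()] = arg
    return directives


def collapse_decision(headers):
    """Decide whether one origin response may answer other collapsed requests.

    headers: list of (name, value) pairs from the single forward request.
    Returns (shareable, headers_for_other_waiters); the second item is None
    when the response must go only to the request that triggered the fetch.
    """
    cc = {}
    for name, value in headers:
        if name.lower() == "cache-control":
            cc.update(parse_cache_control(value))
    if "no-store" in cc:
        return False, None
    if "private" in cc:
        if not cc["private"]:
            # Unqualified private: not storable by a shared cache, so not reusable.
            return False, None
        # Qualified private: only the listed fields are limited to one user.
        limited = {f.strip().lower() for f in cc["private"].split(",")}
        return True, [(n, v) for n, v in headers if n.lower() not in limited]
    return True, list(headers)


# Constructed sample responses (not captured traffic).
PRIVATE_HTML = [("Cache-Control", "private, max-age=0"), ("Set-Cookie", "sid=abc")]
QUALIFIED = [("Cache-Control", 'private="set-cookie", max-age=60'),
             ("Set-Cookie", "sid=abc"), ("Content-Type", "text/html")]

if __name__ == "__main__":
    for sample in (PRIVATE_HTML, QUALIFIED):
        print(collapse_decision(sample))
```
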