- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Mon, 21 Nov 2022 16:08:38 +1300
- To: ietf-http-wg@w3.org
On 21/11/2022 2:05 pm, Mark Nottingham wrote: > HI Erik, > >> On 15 Nov 2022, at 9:02 pm, Erik Witt <erik.witt@baqend.com> wrote: >> >> Hi everyone! >> >> I have a quick question on how to interpret the HTTP Caching spec. I have sent this question a week ago but I think it was blocked because I wasn't subscribed to the list at the time - so I hope this is not a duplicate. >> >> To the question: >> >> Is it allowed for a CDN to collapse requests and then send responses that are marked as private in the cache control header to different users (also including potential set-cookie headers)? >> >> We have seen this behaviour on HTML requests in the past and were wondering if the spec forbids it. There are two cases here to be aware of that match your description: * when "private" is already marked on the response from origin. AFAIK this is generally bad behaviour from a CDN. But no worse than going against a (not specified) "SHOULD NOT", given that CDN have an explicit service contract to act as reverse-proxy with the origin. * when "private" is added by the CDN itself, storage and collapsing can be done on the original non-private response received. This is a reasonable case for a CDN proxy. I am aware of at least a handful of CDN / reverse-proxy around the world doing so. Whether they collapse traffic using Cookies I am not sure. HTH Amos
Received on Monday, 21 November 2022 03:08:56 UTC