
Re: Collapsing private requests

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 21 Nov 2022 16:08:38 +1300
Message-ID: <44cf6bb2-bca3-bd34-80df-3223c7ddde5b@treenet.co.nz>
To: ietf-http-wg@w3.org
On 21/11/2022 2:05 pm, Mark Nottingham wrote:
> Hi Erik,
>> On 15 Nov 2022, at 9:02 pm, Erik Witt <erik.witt@baqend.com> wrote:
>> Hi everyone!
>> I have a quick question on how to interpret the HTTP Caching spec. I sent this question a week ago but I think it was blocked because I wasn't subscribed to the list at the time - so I hope this is not a duplicate.
>> To the question:
>> Is it allowed for a CDN to collapse requests and then send responses that are marked as private in the cache control header to different users (also including potential set-cookie headers)?
>> We have seen this behaviour on HTML requests in the past and were wondering if the spec forbids it.

There are two cases here to be aware of that match your description:

   * when "private" is already marked on the response from origin.

AFAIK this is generally bad behaviour from a CDN. But no worse than 
going against a (not specified) "SHOULD NOT", given that CDNs have an 
explicit service contract to act as reverse-proxy with the origin.

   * when "private" is added by the CDN itself, storage and collapsing 
can be done on the original non-private response received.

This is a reasonable case for a CDN proxy. I am aware of at least a 
handful of CDNs / reverse-proxies around the world doing so. Whether they 
collapse traffic using Cookies I am not sure.

Received on Monday, 21 November 2022 03:08:56 UTC
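
The first case in the message above (origin already marks the response "private"), as an added example that is not part of the original message or of any CDN's code: a single-threaded model of request collapsing that fans the leader's response out to waiting users only when it looks shareable. The names `Collapser`, `shareable` and `sample_origin` are hypothetical, and treating `private`, `no-store` and `Set-Cookie` as "do not collapse" is a conservative policy assumed here.

```python
import re

def cache_control_directives(value):
    """Parse a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    # Split on commas that are outside quoted strings, e.g. private="set-cookie, x".
    for part in re.findall(r'(?:[^,"]|"[^"]*")+', value or ""):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') if arg else None
    return directives

def shareable(headers):
    """Assumed conservative policy: never fan out a response that carries
    private (qualified or not), no-store, or a Set-Cookie header."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = cache_control_directives(h.get("cache-control"))
    return not ({"private", "no-store"} & cc.keys()) and "set-cookie" not in h

class Collapser:
    """Models users whose requests for one URL arrived while a fetch was in flight."""
    def __init__(self, fetch):
        self.fetch = fetch            # fetch(url, user) -> (headers, body)
        self.origin_fetches = 0

    def _fetch(self, url, user):
        self.origin_fetches += 1
        return self.fetch(url, user)

    def serve(self, url, users):
        leader, followers = users[0], users[1:]
        headers, body = self._fetch(url, leader)
        results = {leader: body}
        for user in followers:
            if shareable(headers):
                results[user] = body                       # collapsed: reuse leader's response
            else:
                results[user] = self._fetch(url, user)[1]  # un-collapse: own origin fetch
        return results

# Constructed origin for the example: /account is per-user, anything else is public.
def sample_origin(url, user):
    if url == "/account":
        return ({"Cache-Control": "private, max-age=0",
                 "Set-Cookie": f"sid={user}"}, f"hello {user}")
    return ({"Cache-Control": "public, max-age=60"}, "logo-bytes")
```
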
