Changeset 834 for draft-ietf-httpbis


Ignore:
Timestamp:
Jul 1, 2010, 5:03:26 PM (9 years ago)
Author:
mnot@…
Message:

Clarify caching of authenticated responses by shared caches (see #174)

Location:
draft-ietf-httpbis/latest
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p2-semantics.html

    r832 r834  
    916916         </li>
    917917         <li>If the response status is 204, 206, or 304 and the request method was GET or HEAD, the response is a partial representation
    918             of the resource at the Effective Request URI (see <a href="p6-cache.html#combining.headers" title="Combining Responses">Section 2.7</a> of <a href="#Part6" id="rfc.xref.Part6.5"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>).
     918            of the resource at the Effective Request URI (see <a href="p6-cache.html#combining.headers" title="Combining Responses">Section 2.8</a> of <a href="#Part6" id="rfc.xref.Part6.5"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>).
    919919         </li>
    920920         <li>If the response has a Content-Location header, and that URI is the same as the Effective Request URI, the response is a representation
     
    27902790                  </li>
    27912791                  <li class="indline1"><em>Part6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.1">1.2.2</a>, <a class="iref" href="#rfc.xref.Part6.2">1.2.2</a>, <a class="iref" href="#rfc.xref.Part6.3">5</a>, <a class="iref" href="#rfc.xref.Part6.4">5</a>, <a class="iref" href="#rfc.xref.Part6.5">6.1</a>, <a class="iref" href="#rfc.xref.Part6.6">7.3</a>, <a class="iref" href="#Part6"><b>13.1</b></a><ul class="ind">
    2792                         <li class="indline1"><em>Section 2.7</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.5">6.1</a></li>
     2792                        <li class="indline1"><em>Section 2.8</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.5">6.1</a></li>
    27932793                        <li class="indline1"><em>Section 3.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.1">1.2.2</a>, <a class="iref" href="#rfc.xref.Part6.3">5</a></li>
    27942794                        <li class="indline1"><em>Section 3.5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.2">1.2.2</a>, <a class="iref" href="#rfc.xref.Part6.4">5</a></li>
  • draft-ietf-httpbis/latest/p3-payload.html

    r832 r834  
    12881288      <p id="rfc.section.5.7.p.6">A cache cannot assume that an entity with a Content-Location different from the URI used to retrieve it can be used to respond
    12891289         to later requests on that Content-Location URI. However, the Content-Location can be used to differentiate between multiple
    1290          entities retrieved from a single requested resource, as described in <a href="p6-cache.html#caching.negotiated.responses" title="Caching Negotiated Responses">Section 2.6</a> of <a href="#Part6" id="rfc.xref.Part6.4"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>.
     1290         entities retrieved from a single requested resource, as described in <a href="p6-cache.html#caching.negotiated.responses" title="Caching Negotiated Responses">Section 2.7</a> of <a href="#Part6" id="rfc.xref.Part6.4"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>.
    12911291      </p>
    12921292      <p id="rfc.section.5.7.p.7">If the Content-Location is a relative URI, the relative URI is interpreted relative to the Effective Request URI.</p>
     
    22412241                  </li>
    22422242                  <li class="indline1"><em>Part6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.1">1.3.2</a>, <a class="iref" href="#rfc.xref.Part6.2">3.1</a>, <a class="iref" href="#rfc.xref.Part6.3">4.1</a>, <a class="iref" href="#rfc.xref.Part6.4">5.7</a>, <a class="iref" href="#Part6"><b>9.1</b></a>, <a class="iref" href="#rfc.xref.Part6.5">C.1</a><ul class="ind">
    2243                         <li class="indline1"><em>Section 2.6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.4">5.7</a></li>
     2243                        <li class="indline1"><em>Section 2.7</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.4">5.7</a></li>
    22442244                        <li class="indline1"><em>Section 3.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.1">1.3.2</a>, <a class="iref" href="#rfc.xref.Part6.2">3.1</a></li>
    22452245                        <li class="indline1"><em>Section 3.5</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part6.3">4.1</a></li>
  • draft-ietf-httpbis/latest/p6-cache.html

    r832 r834  
    561561               <li class="tocline1">2.4&nbsp;&nbsp;&nbsp;<a href="#validation.model">Validation Model</a></li>
    562562               <li class="tocline1">2.5&nbsp;&nbsp;&nbsp;<a href="#invalidation.after.updates.or.deletions">Request Methods that Invalidate</a></li>
    563                <li class="tocline1">2.6&nbsp;&nbsp;&nbsp;<a href="#caching.negotiated.responses">Caching Negotiated Responses</a></li>
    564                <li class="tocline1">2.7&nbsp;&nbsp;&nbsp;<a href="#combining.headers">Combining Responses</a></li>
     563               <li class="tocline1">2.6&nbsp;&nbsp;&nbsp;<a href="#caching.authenticated.responses">Shared Caching of Authenticated Responses</a></li>
     564               <li class="tocline1">2.7&nbsp;&nbsp;&nbsp;<a href="#caching.negotiated.responses">Caching Negotiated Responses</a></li>
     565               <li class="tocline1">2.8&nbsp;&nbsp;&nbsp;<a href="#combining.headers">Combining Responses</a></li>
    565566            </ul>
    566567         </li>
     
    726727         <li>the "private" cache response directive (see <a href="#cache-response-directive" title="Response Cache-Control Directives">Section&nbsp;3.2.2</a> does not appear in the response, if the cache is shared, and
    727728         </li>
    728          <li>the "Authorization" header (see <a href="p7-auth.html#header.authorization" title="Authorization">Section 3.1</a> of <a href="#Part7" id="rfc.xref.Part7.1"><cite title="HTTP/1.1, part 7: Authentication">[Part7]</cite></a>) does not appear in the request, if the cache is shared (unless the "public" directive is present; see <a href="#header.cache-control" id="rfc.xref.header.cache-control.2" title="Cache-Control">Section&nbsp;3.2</a>), and
     729         <li>the "Authorization" header (see <a href="p7-auth.html#header.authorization" title="Authorization">Section 3.1</a> of <a href="#Part7" id="rfc.xref.Part7.1"><cite title="HTTP/1.1, part 7: Authentication">[Part7]</cite></a>) does not appear in the request, if the cache is shared, unless the response explicitly allows it (see <a href="#caching.authenticated.responses" title="Shared Caching of Authenticated Responses">Section&nbsp;2.6</a>), and
    729730         </li>
    730731         <li>the response either:
     
    762763         </li>
    763764         <li>the request method associated with the stored response allows it to be used for the presented request, and</li>
    764          <li>selecting request-headers nominated by the stored response (if any) match those presented (see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.6</a>), and
    765          </li>
    766          <li>the presented request and stored response are free from directives that would prevent its use (see <a href="#header.cache-control" id="rfc.xref.header.cache-control.3" title="Cache-Control">Section&nbsp;3.2</a> and <a href="#header.pragma" id="rfc.xref.header.pragma.1" title="Pragma">Section&nbsp;3.4</a>), and
     765         <li>selecting request-headers nominated by the stored response (if any) match those presented (see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.7</a>), and
     766         </li>
     767         <li>the presented request and stored response are free from directives that would prevent its use (see <a href="#header.cache-control" id="rfc.xref.header.cache-control.2" title="Cache-Control">Section&nbsp;3.2</a> and <a href="#header.pragma" id="rfc.xref.header.pragma.1" title="Pragma">Section&nbsp;3.4</a>), and
    767768         </li>
    768769         <li>the stored response is either:
     
    920921      <h2 id="rfc.section.2.4"><a href="#rfc.section.2.4">2.4</a>&nbsp;<a id="validation.model" href="#validation.model">Validation Model</a></h2>
    921922      <p id="rfc.section.2.4.p.1">When a cache has one or more stored responses for a requested URI, but cannot serve any of them (e.g., because they are not
    922          fresh, or one cannot be selected; see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.6</a>), it can use the conditional request mechanism <a href="#Part4" id="rfc.xref.Part4.2"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a> in the forwarded request to give the origin server an opportunity to both select a valid stored response to be used, and to
     923         fresh, or one cannot be selected; see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.7</a>), it can use the conditional request mechanism <a href="#Part4" id="rfc.xref.Part4.2"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a> in the forwarded request to give the origin server an opportunity to both select a valid stored response to be used, and to
    923924         update it. This process is known as "validating" or "revalidating" the stored response.
    924925      </p>
    925       <p id="rfc.section.2.4.p.2">When sending such a conditional request, the cache <em class="bcp14">SHOULD</em> add an If-Modified-Since header whose value is that of the Last-Modified header from the selected (see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.6</a>) stored response, if available.
     926      <p id="rfc.section.2.4.p.2">When sending such a conditional request, the cache <em class="bcp14">SHOULD</em> add an If-Modified-Since header whose value is that of the Last-Modified header from the selected (see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.7</a>) stored response, if available.
    926927      </p>
    927928      <p id="rfc.section.2.4.p.3">Additionally, the cache <em class="bcp14">SHOULD</em> add an If-None-Match header whose value is that of the ETag header(s) from all responses stored for the requested URI, if
     
    929930         response.
    930931      </p>
    931       <p id="rfc.section.2.4.p.4">A 304 (Not Modified) response status code indicates that the stored response can be updated and reused; see <a href="#combining.headers" title="Combining Responses">Section&nbsp;2.7</a>.
     932      <p id="rfc.section.2.4.p.4">A 304 (Not Modified) response status code indicates that the stored response can be updated and reused; see <a href="#combining.headers" title="Combining Responses">Section&nbsp;2.8</a>.
    932933      </p>
    933934      <p id="rfc.section.2.4.p.5">A full response (i.e., one with a response body) indicates that none of the stored responses nominated in the conditional
     
    960961      <p id="rfc.section.2.5.p.8"> <span class="comment" id="TODO-spec-success-invalidate">[<a href="#TODO-spec-success-invalidate" class="smpl">TODO-spec-success-invalidate</a>: specify that only successful (2xx, 3xx?) responses invalidate.]</span>
    961962      </p>
    962       <h2 id="rfc.section.2.6"><a href="#rfc.section.2.6">2.6</a>&nbsp;<a id="caching.negotiated.responses" href="#caching.negotiated.responses">Caching Negotiated Responses</a></h2>
    963       <p id="rfc.section.2.6.p.1">When a cache receives a request that can be satisfied by a stored response that has a Vary header field (<a href="#header.vary" id="rfc.xref.header.vary.1" title="Vary">Section&nbsp;3.5</a>), it <em class="bcp14">MUST NOT</em> use that response unless all of the selecting request-headers nominated by the Vary header match in both the original request
     963      <h2 id="rfc.section.2.6"><a href="#rfc.section.2.6">2.6</a>&nbsp;<a id="caching.authenticated.responses" href="#caching.authenticated.responses">Shared Caching of Authenticated Responses</a></h2>
     964      <p id="rfc.section.2.6.p.1">Shared caches <em class="bcp14">MUST NOT</em> use a cached response to a request with an Authorization header (<a href="p7-auth.html#header.authorization" title="Authorization">Section 3.1</a> of <a href="#Part7" id="rfc.xref.Part7.2"><cite title="HTTP/1.1, part 7: Authentication">[Part7]</cite></a>) to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response.
     965      </p>
     966      <p id="rfc.section.2.6.p.2">In this specification, the following Cache-Control response directives (<a href="#cache-response-directive" title="Response Cache-Control Directives">Section&nbsp;3.2.2</a>) have such an effect: must-revalidate, public, s-maxage.
     967      </p>
     968      <p id="rfc.section.2.6.p.3">Note that cached responses that contain the "must-revalidate" and/or "s-maxage" response directives are not allowed to be
     969         served stale (<a href="#serving.stale.responses" title="Serving Stale Responses">Section&nbsp;2.3.3</a>) by shared caches. In particular, a response with either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to satisfy
     970         a subsequent request without revalidating it on the origin server.
     971      </p>
     972      <h2 id="rfc.section.2.7"><a href="#rfc.section.2.7">2.7</a>&nbsp;<a id="caching.negotiated.responses" href="#caching.negotiated.responses">Caching Negotiated Responses</a></h2>
     973      <p id="rfc.section.2.7.p.1">When a cache receives a request that can be satisfied by a stored response that has a Vary header field (<a href="#header.vary" id="rfc.xref.header.vary.1" title="Vary">Section&nbsp;3.5</a>), it <em class="bcp14">MUST NOT</em> use that response unless all of the selecting request-headers nominated by the Vary header match in both the original request
    964974         (i.e., that associated with the stored response), and the presented request.
    965975      </p>
    966       <p id="rfc.section.2.6.p.2">The selecting request-headers from two requests are defined to match if and only if those in the first request can be transformed
     976      <p id="rfc.section.2.7.p.2">The selecting request-headers from two requests are defined to match if and only if those in the first request can be transformed
    967977         to those in the second request by applying any of the following:
    968978      </p>
     
    975985         </li>
    976986      </ul>
    977       <p id="rfc.section.2.6.p.3">If (after any normalisation that may take place) a header field is absent from a request, it can only match another request
     987      <p id="rfc.section.2.7.p.3">If (after any normalisation that may take place) a header field is absent from a request, it can only match another request
    978988         if it is also absent there.
    979989      </p>
    980       <p id="rfc.section.2.6.p.4">A Vary header field-value of "*" always fails to match, and subsequent requests to that resource can only be properly interpreted
     990      <p id="rfc.section.2.7.p.4">A Vary header field-value of "*" always fails to match, and subsequent requests to that resource can only be properly interpreted
    981991         by the origin server.
    982992      </p>
    983       <p id="rfc.section.2.6.p.5">The stored response with matching selecting request-headers is known as the selected response.</p>
    984       <p id="rfc.section.2.6.p.6">If no selected response is available, the cache <em class="bcp14">MAY</em> forward the presented request to the origin server in a conditional request; see <a href="#validation.model" title="Validation Model">Section&nbsp;2.4</a>.
    985       </p>
    986       <h2 id="rfc.section.2.7"><a href="#rfc.section.2.7">2.7</a>&nbsp;<a id="combining.headers" href="#combining.headers">Combining Responses</a></h2>
    987       <p id="rfc.section.2.7.p.1">When a cache receives a 304 (Not Modified) response or a 206 (Partial Content) response (in this section, the "new" response"),
     993      <p id="rfc.section.2.7.p.5">The stored response with matching selecting request-headers is known as the selected response.</p>
     994      <p id="rfc.section.2.7.p.6">If no selected response is available, the cache <em class="bcp14">MAY</em> forward the presented request to the origin server in a conditional request; see <a href="#validation.model" title="Validation Model">Section&nbsp;2.4</a>.
     995      </p>
     996      <h2 id="rfc.section.2.8"><a href="#rfc.section.2.8">2.8</a>&nbsp;<a id="combining.headers" href="#combining.headers">Combining Responses</a></h2>
     997      <p id="rfc.section.2.8.p.1">When a cache receives a 304 (Not Modified) response or a 206 (Partial Content) response (in this section, the "new" response"),
    988998         it needs to created an updated response by combining the stored response with the new one, so that the updated response can
    989999         be used to satisfy the request.
    9901000      </p>
    991       <p id="rfc.section.2.7.p.2">If the new response contains an ETag, it identifies the stored response to use. <span class="comment" id="TODO-mention-CL">[<a href="#TODO-mention-CL" class="smpl">TODO-mention-CL</a>: may need language about Content-Location here]</span><span class="comment" id="TODO-inm-mult-etags">[<a href="#TODO-inm-mult-etags" class="smpl">TODO-inm-mult-etags</a>: cover case where INM with multiple etags was sent]</span>
    992       </p>
    993       <p id="rfc.section.2.7.p.3">If the status code is 206 (partial content), both the stored and new responses <em class="bcp14">MUST</em> have validators, and those validators <em class="bcp14">MUST</em> match using the strong comparison function (see <a href="p4-conditional.html#weak.and.strong.validators" title="Weak and Strong Validators">Section 4</a> of <a href="#Part4" id="rfc.xref.Part4.3"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a>). Otherwise, the responses <em class="bcp14">MUST NOT</em> be combined.
    994       </p>
    995       <p id="rfc.section.2.7.p.4">The stored response headers are used as those of the updated response, except that </p>
     1001      <p id="rfc.section.2.8.p.2">If the new response contains an ETag, it identifies the stored response to use. <span class="comment" id="TODO-mention-CL">[<a href="#TODO-mention-CL" class="smpl">TODO-mention-CL</a>: may need language about Content-Location here]</span><span class="comment" id="TODO-inm-mult-etags">[<a href="#TODO-inm-mult-etags" class="smpl">TODO-inm-mult-etags</a>: cover case where INM with multiple etags was sent]</span>
     1002      </p>
     1003      <p id="rfc.section.2.8.p.3">If the status code is 206 (partial content), both the stored and new responses <em class="bcp14">MUST</em> have validators, and those validators <em class="bcp14">MUST</em> match using the strong comparison function (see <a href="p4-conditional.html#weak.and.strong.validators" title="Weak and Strong Validators">Section 4</a> of <a href="#Part4" id="rfc.xref.Part4.3"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a>). Otherwise, the responses <em class="bcp14">MUST NOT</em> be combined.
     1004      </p>
     1005      <p id="rfc.section.2.8.p.4">The stored response headers are used as those of the updated response, except that </p>
    9961006      <ul>
    9971007         <li>any stored Warning headers with warn-code 1xx (see <a href="#header.warning" id="rfc.xref.header.warning.2" title="Warning">Section&nbsp;3.6</a>) <em class="bcp14">MUST</em> be deleted from the stored response and the updated response.
     
    10021012         </li>
    10031013      </ul>
    1004       <p id="rfc.section.2.7.p.5">If a header field-name in the new response matches more than one header in the stored response, all such stored headers <em class="bcp14">MUST</em> be replaced.
    1005       </p>
    1006       <p id="rfc.section.2.7.p.6">The updated response can <span class="comment" id="TODO-is-req">[<a href="#TODO-is-req" class="smpl">TODO-is-req</a>: requirement?]</span> be used to replace the stored response in cache. In the case of a 206 response, the combined entity-body <em class="bcp14">MAY</em> be stored.
    1007       </p>
    1008       <p id="rfc.section.2.7.p.7"> <span class="comment" id="ISSUE-how-head">[<a href="#ISSUE-how-head" class="smpl">ISSUE-how-head</a>: discuss how to handle HEAD updates]</span>
     1014      <p id="rfc.section.2.8.p.5">If a header field-name in the new response matches more than one header in the stored response, all such stored headers <em class="bcp14">MUST</em> be replaced.
     1015      </p>
     1016      <p id="rfc.section.2.8.p.6">The updated response can <span class="comment" id="TODO-is-req">[<a href="#TODO-is-req" class="smpl">TODO-is-req</a>: requirement?]</span> be used to replace the stored response in cache. In the case of a 206 response, the combined entity-body <em class="bcp14">MAY</em> be stored.
     1017      </p>
     1018      <p id="rfc.section.2.8.p.7"> <span class="comment" id="ISSUE-how-head">[<a href="#ISSUE-how-head" class="smpl">ISSUE-how-head</a>: discuss how to handle HEAD updates]</span>
    10091019      </p>
    10101020      <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="header.fields" href="#header.fields">Header Field Definitions</a></h1>
     
    11341144      </p>
    11351145      <ul class="empty">
    1136          <li>The public response directive indicates that the response <em class="bcp14">MAY</em> be cached, even if it would normally be non-cacheable or cacheable only within a non-shared cache. (See also Authorization, <a href="p7-auth.html#header.authorization" title="Authorization">Section 3.1</a> of <a href="#Part7" id="rfc.xref.Part7.2"><cite title="HTTP/1.1, part 7: Authentication">[Part7]</cite></a>, for additional details.)
     1146         <li>The public response directive indicates that the response <em class="bcp14">MAY</em> be cached, even if it would normally be non-cacheable or cacheable only within a non-shared cache. (See also Authorization, <a href="p7-auth.html#header.authorization" title="Authorization">Section 3.1</a> of <a href="#Part7" id="rfc.xref.Part7.3"><cite title="HTTP/1.1, part 7: Authentication">[Part7]</cite></a>, for additional details.)
    11371147         </li>
    11381148      </ul>
     
    12961306      <h2 id="rfc.section.3.5"><a href="#rfc.section.3.5">3.5</a>&nbsp;<a id="header.vary" href="#header.vary">Vary</a></h2>
    12971307      <p id="rfc.section.3.5.p.1">The "Vary" response-header field conveys the set of request-header fields that were used to select the representation.</p>
    1298       <p id="rfc.section.3.5.p.2">Caches use this information, in part, to determine whether a stored response can be used to satisfy a given request; see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.6</a>. determines, while the response is fresh, whether a cache is permitted to use the response to reply to a subsequent request
    1299          without validation; see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.6</a>.
     1308      <p id="rfc.section.3.5.p.2">Caches use this information, in part, to determine whether a stored response can be used to satisfy a given request; see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.7</a>. determines, while the response is fresh, whether a cache is permitted to use the response to reply to a subsequent request
     1309         without validation; see <a href="#caching.negotiated.responses" title="Caching Negotiated Responses">Section&nbsp;2.7</a>.
    13001310      </p>
    13011311      <p id="rfc.section.3.5.p.3">In uncacheable or stale responses, the Vary field value advises the user agent about the criteria that were used to select
     
    15331543                  <td class="left">http</td>
    15341544                  <td class="left">standard</td>
    1535                   <td class="left"> <a href="#header.cache-control" id="rfc.xref.header.cache-control.4" title="Cache-Control">Section&nbsp;3.2</a>
     1545                  <td class="left"> <a href="#header.cache-control" id="rfc.xref.header.cache-control.3" title="Cache-Control">Section&nbsp;3.2</a>
    15361546                  </td>
    15371547               </tr>
     
    16711681      <h1 id="rfc.section.A" class="np"><a href="#rfc.section.A">A.</a>&nbsp;<a id="compatibility" href="#compatibility">Compatibility with Previous Versions</a></h1>
    16721682      <h2 id="rfc.section.A.1"><a href="#rfc.section.A.1">A.1</a>&nbsp;<a id="changes.from.rfc.2068" href="#changes.from.rfc.2068">Changes from RFC 2068</a></h2>
    1673       <p id="rfc.section.A.1.p.1">A case was missed in the Cache-Control model of HTTP/1.1; s-maxage was introduced to add this missing case. (Sections <a href="#response.cacheability" title="Response Cacheability">2.1</a>, <a href="#header.cache-control" id="rfc.xref.header.cache-control.5" title="Cache-Control">3.2</a>).
     1683      <p id="rfc.section.A.1.p.1">A case was missed in the Cache-Control model of HTTP/1.1; s-maxage was introduced to add this missing case. (Sections <a href="#response.cacheability" title="Response Cacheability">2.1</a>, <a href="#header.cache-control" id="rfc.xref.header.cache-control.4" title="Cache-Control">3.2</a>).
    16741684      </p>
    16751685      <p id="rfc.section.A.1.p.2">Range request responses would become very verbose if all meta-data were always returned; by allowing the server to only send
    1676          needed headers in a 206 response, this problem can be avoided. (<a href="#combining.headers" title="Combining Responses">Section&nbsp;2.7</a>)
     1686         needed headers in a 206 response, this problem can be avoided. (<a href="#combining.headers" title="Combining Responses">Section&nbsp;2.8</a>)
    16771687      </p>
    16781688      <p id="rfc.section.A.1.p.3">The Cache-Control: max-age directive was not properly defined for responses. (<a href="#cache-response-directive" title="Response Cache-Control Directives">Section&nbsp;3.2.2</a>)
    16791689      </p>
    1680       <p id="rfc.section.A.1.p.4">Warnings could be cached incorrectly, or not updated appropriately. (Section <a href="#expiration.model" title="Freshness Model">2.3</a>, <a href="#combining.headers" title="Combining Responses">2.7</a>, <a href="#header.cache-control" id="rfc.xref.header.cache-control.6" title="Cache-Control">3.2</a>, and <a href="#header.warning" id="rfc.xref.header.warning.4" title="Warning">3.6</a>) Warning also needed to be a general header, as PUT or other methods may have need for it in requests.
     1690      <p id="rfc.section.A.1.p.4">Warnings could be cached incorrectly, or not updated appropriately. (Section <a href="#expiration.model" title="Freshness Model">2.3</a>, <a href="#combining.headers" title="Combining Responses">2.8</a>, <a href="#header.cache-control" id="rfc.xref.header.cache-control.5" title="Cache-Control">3.2</a>, and <a href="#header.warning" id="rfc.xref.header.warning.4" title="Warning">3.6</a>) Warning also needed to be a general header, as PUT or other methods may have need for it in requests.
    16811691      </p>
    16821692      <h2 id="rfc.section.A.2"><a href="#rfc.section.A.2">A.2</a>&nbsp;<a id="changes.from.rfc.2616" href="#changes.from.rfc.2616">Changes from RFC 2616</a></h2>
     
    18911901         </li>
    18921902         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/168">http://tools.ietf.org/wg/httpbis/trac/ticket/168</a>&gt;: "Clarify differences between / requirements for request and response CC directives"
     1903         </li>
     1904         <li> &lt;<a href="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/174">http://trac.tools.ietf.org/wg/httpbis/trac/ticket/174</a>&gt;: "Caching authenticated responses"
    18931905         </li>
    18941906         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/208">http://tools.ietf.org/wg/httpbis/trac/ticket/208</a>&gt;: "IANA registry for cache-control directives"
     
    19301942                     </ul>
    19311943                  </li>
    1932                   <li class="indline1">Cache-Control header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.cache-control.1">2.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.2">2.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.3">2.2</a>, <a class="iref" href="#rfc.iref.c.3"><b>3.2</b></a>, <a class="iref" href="#rfc.xref.header.cache-control.4">5.2</a>, <a class="iref" href="#rfc.xref.header.cache-control.5">A.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.6">A.1</a></li>
     1944                  <li class="indline1">Cache-Control header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.cache-control.1">2.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.2">2.2</a>, <a class="iref" href="#rfc.iref.c.3"><b>3.2</b></a>, <a class="iref" href="#rfc.xref.header.cache-control.3">5.2</a>, <a class="iref" href="#rfc.xref.header.cache-control.4">A.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.5">A.1</a></li>
    19331945                  <li class="indline1">cacheable&nbsp;&nbsp;<a class="iref" href="#rfc.iref.c.2">1.2</a></li>
    19341946               </ul>
     
    19791991                     <ul class="ind">
    19801992                        <li class="indline1">Age&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.age.1">2.2</a>, <a class="iref" href="#rfc.xref.header.age.2">2.3.2</a>, <a class="iref" href="#rfc.iref.h.2"><b>3.1</b></a>, <a class="iref" href="#rfc.xref.header.age.3">5.2</a></li>
    1981                         <li class="indline1">Cache-Control&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.cache-control.1">2.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.2">2.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.3">2.2</a>, <a class="iref" href="#rfc.iref.h.3"><b>3.2</b></a>, <a class="iref" href="#rfc.xref.header.cache-control.4">5.2</a>, <a class="iref" href="#rfc.xref.header.cache-control.5">A.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.6">A.1</a></li>
     1993                        <li class="indline1">Cache-Control&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.cache-control.1">2.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.2">2.2</a>, <a class="iref" href="#rfc.iref.h.3"><b>3.2</b></a>, <a class="iref" href="#rfc.xref.header.cache-control.3">5.2</a>, <a class="iref" href="#rfc.xref.header.cache-control.4">A.1</a>, <a class="iref" href="#rfc.xref.header.cache-control.5">A.1</a></li>
    19821994                        <li class="indline1">Expires&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.expires.1">2.1</a>, <a class="iref" href="#rfc.xref.header.expires.2">2.3</a>, <a class="iref" href="#rfc.xref.header.expires.3">2.3.1</a>, <a class="iref" href="#rfc.iref.h.4"><b>3.3</b></a>, <a class="iref" href="#rfc.xref.header.expires.4">5.2</a></li>
    19831995                        <li class="indline1">Pragma&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.pragma.1">2.2</a>, <a class="iref" href="#rfc.xref.header.pragma.2">3.2</a>, <a class="iref" href="#rfc.iref.h.5"><b>3.4</b></a>, <a class="iref" href="#rfc.xref.header.pragma.3">5.2</a></li>
    1984                         <li class="indline1">Vary&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.vary.1">2.6</a>, <a class="iref" href="#rfc.iref.h.6"><b>3.5</b></a>, <a class="iref" href="#rfc.xref.header.vary.2">5.2</a></li>
    1985                         <li class="indline1">Warning&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.warning.1">2.3.3</a>, <a class="iref" href="#rfc.xref.header.warning.2">2.7</a>, <a class="iref" href="#rfc.iref.h.7"><b>3.6</b></a>, <a class="iref" href="#rfc.xref.header.warning.3">5.2</a>, <a class="iref" href="#rfc.xref.header.warning.4">A.1</a>, <a class="iref" href="#rfc.xref.header.warning.5">A.2</a></li>
     1996                        <li class="indline1">Vary&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.vary.1">2.7</a>, <a class="iref" href="#rfc.iref.h.6"><b>3.5</b></a>, <a class="iref" href="#rfc.xref.header.vary.2">5.2</a></li>
     1997                        <li class="indline1">Warning&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.warning.1">2.3.3</a>, <a class="iref" href="#rfc.xref.header.warning.2">2.8</a>, <a class="iref" href="#rfc.iref.h.7"><b>3.6</b></a>, <a class="iref" href="#rfc.xref.header.warning.3">5.2</a>, <a class="iref" href="#rfc.xref.header.warning.4">A.1</a>, <a class="iref" href="#rfc.xref.header.warning.5">A.2</a></li>
    19861998                     </ul>
    19871999                  </li>
     
    20392051            </li>
    20402052            <li class="indline0"><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul class="ind">
    2041                   <li class="indline1"><em>Part1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">1.4</a>, <a class="iref" href="#rfc.xref.Part1.2">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.3">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.4">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.5">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.6">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.7">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.8">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.9">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.10">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.11">2.2</a>, <a class="iref" href="#rfc.xref.Part1.12">2.3.2</a>, <a class="iref" href="#rfc.xref.Part1.13">2.5</a>, <a class="iref" href="#rfc.xref.Part1.14">2.5</a>, <a class="iref" href="#rfc.xref.Part1.15">2.5</a>, <a class="iref" href="#rfc.xref.Part1.16">2.6</a>, <a class="iref" href="#rfc.xref.Part1.17">3.3</a>, <a class="iref" href="#Part1"><b>8.1</b></a><ul class="ind">
     2053                  <li class="indline1"><em>Part1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">1.4</a>, <a class="iref" href="#rfc.xref.Part1.2">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.3">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.4">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.5">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.6">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.7">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.8">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.9">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.10">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.11">2.2</a>, <a class="iref" href="#rfc.xref.Part1.12">2.3.2</a>, <a class="iref" href="#rfc.xref.Part1.13">2.5</a>, <a class="iref" href="#rfc.xref.Part1.14">2.5</a>, <a class="iref" href="#rfc.xref.Part1.15">2.5</a>, <a class="iref" href="#rfc.xref.Part1.16">2.7</a>, <a class="iref" href="#rfc.xref.Part1.17">3.3</a>, <a class="iref" href="#Part1"><b>8.1</b></a><ul class="ind">
    20422054                        <li class="indline1"><em>Section 1.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">1.4</a></li>
    20432055                        <li class="indline1"><em>Section 1.2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.2">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.3">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.4">1.4.1</a>, <a class="iref" href="#rfc.xref.Part1.5">1.4.1</a></li>
    20442056                        <li class="indline1"><em>Section 2.6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.8">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.10">1.4.2</a></li>
    2045                         <li class="indline1"><em>Section 3.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.6">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.16">2.6</a></li>
     2057                        <li class="indline1"><em>Section 3.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.6">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.16">2.7</a></li>
    20462058                        <li class="indline1"><em>Section 4.3</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.11">2.2</a>, <a class="iref" href="#rfc.xref.Part1.13">2.5</a>, <a class="iref" href="#rfc.xref.Part1.14">2.5</a>, <a class="iref" href="#rfc.xref.Part1.15">2.5</a></li>
    20472059                        <li class="indline1"><em>Section 6.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.7">1.4.2</a>, <a class="iref" href="#rfc.xref.Part1.17">3.3</a></li>
     
    20542066                     </ul>
    20552067                  </li>
    2056                   <li class="indline1"><em>Part4</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part4.1">2.3.1.1</a>, <a class="iref" href="#rfc.xref.Part4.2">2.4</a>, <a class="iref" href="#rfc.xref.Part4.3">2.7</a>, <a class="iref" href="#Part4"><b>8.1</b></a><ul class="ind">
    2057                         <li class="indline1"><em>Section 4</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part4.3">2.7</a></li>
     2068                  <li class="indline1"><em>Part4</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part4.1">2.3.1.1</a>, <a class="iref" href="#rfc.xref.Part4.2">2.4</a>, <a class="iref" href="#rfc.xref.Part4.3">2.8</a>, <a class="iref" href="#Part4"><b>8.1</b></a><ul class="ind">
     2069                        <li class="indline1"><em>Section 4</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part4.3">2.8</a></li>
    20582070                        <li class="indline1"><em>Section 6.6</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part4.1">2.3.1.1</a></li>
    20592071                     </ul>
     
    20632075                     </ul>
    20642076                  </li>
    2065                   <li class="indline1"><em>Part7</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part7.1">2.1</a>, <a class="iref" href="#rfc.xref.Part7.2">3.2.2</a>, <a class="iref" href="#Part7"><b>8.1</b></a><ul class="ind">
    2066                         <li class="indline1"><em>Section 3.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part7.1">2.1</a>, <a class="iref" href="#rfc.xref.Part7.2">3.2.2</a></li>
     2077                  <li class="indline1"><em>Part7</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part7.1">2.1</a>, <a class="iref" href="#rfc.xref.Part7.2">2.6</a>, <a class="iref" href="#rfc.xref.Part7.3">3.2.2</a>, <a class="iref" href="#Part7"><b>8.1</b></a><ul class="ind">
     2078                        <li class="indline1"><em>Section 3.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part7.1">2.1</a>, <a class="iref" href="#rfc.xref.Part7.2">2.6</a>, <a class="iref" href="#rfc.xref.Part7.3">3.2.2</a></li>
    20672079                     </ul>
    20682080                  </li>
     
    21192131            <li class="indline0"><a id="rfc.index.V" href="#rfc.index.V"><b>V</b></a><ul class="ind">
    21202132                  <li class="indline1">validator&nbsp;&nbsp;<a class="iref" href="#rfc.iref.v.1">1.2</a>, <a class="iref" href="#rfc.iref.v.2">1.2</a></li>
    2121                   <li class="indline1">Vary header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.vary.1">2.6</a>, <a class="iref" href="#rfc.iref.v.3"><b>3.5</b></a>, <a class="iref" href="#rfc.xref.header.vary.2">5.2</a></li>
     2133                  <li class="indline1">Vary header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.vary.1">2.7</a>, <a class="iref" href="#rfc.iref.v.3"><b>3.5</b></a>, <a class="iref" href="#rfc.xref.header.vary.2">5.2</a></li>
    21222134               </ul>
    21232135            </li>
    21242136            <li class="indline0"><a id="rfc.index.W" href="#rfc.index.W"><b>W</b></a><ul class="ind">
    2125                   <li class="indline1">Warning header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.warning.1">2.3.3</a>, <a class="iref" href="#rfc.xref.header.warning.2">2.7</a>, <a class="iref" href="#rfc.iref.w.1"><b>3.6</b></a>, <a class="iref" href="#rfc.xref.header.warning.3">5.2</a>, <a class="iref" href="#rfc.xref.header.warning.4">A.1</a>, <a class="iref" href="#rfc.xref.header.warning.5">A.2</a></li>
     2137                  <li class="indline1">Warning header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.warning.1">2.3.3</a>, <a class="iref" href="#rfc.xref.header.warning.2">2.8</a>, <a class="iref" href="#rfc.iref.w.1"><b>3.6</b></a>, <a class="iref" href="#rfc.xref.header.warning.3">5.2</a>, <a class="iref" href="#rfc.xref.header.warning.4">A.1</a>, <a class="iref" href="#rfc.xref.header.warning.5">A.2</a></li>
    21262138               </ul>
    21272139            </li>
  • draft-ietf-httpbis/latest/p6-cache.xml

    r832 r834  
    429429       does not appear in the response, if the cache is shared, and</t>
    430430    <t>the "Authorization" header (see &header-authorization;) does not appear in the request, if
    431        the cache is shared (unless the "public" directive is present; see <xref
    432        target="header.cache-control" />), and</t>
     431       the cache is shared, unless the response explicitly allows it (see <xref
     432       target="caching.authenticated.responses" />), and</t>
    433433    <t>the response either:
    434434      <list style="symbols">
     
    836836  <cref anchor="TODO-spec-success-invalidate">specify that only successful (2xx, 3xx?) responses invalidate.</cref>
    837837</t>
     838</section>
     839
     840<section anchor="caching.authenticated.responses" title="Shared Caching of Authenticated Responses">
     841
     842<t>Shared caches &MUST-NOT; use a cached response to a request with an Authorization header (&header-authorization;) to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response.</t>
     843
     844<t>In this specification, the following Cache-Control response directives (<xref target="cache-response-directive"/>) have such an effect: must-revalidate, public, s-maxage.</t>
     845
     846<t>Note that cached responses that contain the "must-revalidate" and/or "s-maxage" response directives are not allowed to be served stale (<xref target="serving.stale.responses"/>) by shared caches. In particular, a response with either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to satisfy a subsequent request without revalidating it on the origin server.</t>
    838847</section>
    839848
     
    24772486      "Clarify differences between / requirements for request and response CC directives"
    24782487    </t>
     2488        <t>
     2489                <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/174" />:
     2490                "Caching authenticated responses"
     2491        </t>
    24792492    <t>
    24802493      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/208" />:
Note: See TracChangeset for help on using the changeset viewer.