Timestamp:
Jul 1, 2010, 5:03:26 PM (9 years ago)
Author:
mnot@…
Message:

Clarify caching of authenticated responses by shared caches (see #174)

File:
1 edited

  • draft-ietf-httpbis/latest/p6-cache.xml

    r832 r834  
    429429       does not appear in the response, if the cache is shared, and</t>
    430430    <t>the "Authorization" header (see &header-authorization;) does not appear in the request, if
    431        the cache is shared (unless the "public" directive is present; see <xref
    432        target="header.cache-control" />), and</t>
     431       the cache is shared, unless the response explicitly allows it (see <xref
     432       target="caching.authenticated.responses" />), and</t>
    433433    <t>the response either:
    434434      <list style="symbols">
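Review bot: in the added lines 431-432, "unless the response explicitly allows it" leaves "it" without a clear antecedent. The list item is about the Authorization header not appearing in the request, so the exception can be read as the response allowing the header rather than allowing shared caching. Suggest naming what is allowed, for example "unless the response explicitly allows shared caching of authenticated responses", so the item is unambiguous without following the xref. The removed text named the "public" directive in place; the replacement depends entirely on the section at target="caching.authenticated.responses" for the list of qualifying directives, so the two have to be kept in sync.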
     
    836836  <cref anchor="TODO-spec-success-invalidate">specify that only successful (2xx, 3xx?) responses invalidate.</cref>
    837837</t>
     838</section>
     839
     840<section anchor="caching.authenticated.responses" title="Shared Caching of Authenticated Responses">
     841
     842<t>Shared caches &MUST-NOT; use a cached response to a request with an Authorization header (&header-authorization;) to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response.</t>
     843
     844<t>In this specification, the following Cache-Control response directives (<xref target="cache-response-directive"/>) have such an effect: must-revalidate, public, s-maxage.</t>
     845
     846<t>Note that cached responses that contain the "must-revalidate" and/or "s-maxage" response directives are not allowed to be served stale (<xref target="serving.stale.responses"/>) by shared caches. In particular, a response with either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to satisfy a subsequent request without revalidating it on the origin server.</t>
    838847</section>
    839848
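Review bot: the &MUST-NOT; sentence on line 842 states the prohibition in terms of use ("use a cached response ... to satisfy any subsequent request") but the exception in terms of storing ("a cache directive that allows such responses to be stored"), so it is unclear whether the requirement constrains storing, reuse, or both. This sentence decides whether a shared cache may hand a response obtained with one client's credentials to a later request, so the same verb should appear on both sides of the "unless". Line 844 scopes the list with "In this specification", which leaves unstated whether a directive defined elsewhere can grant the same permission; one sentence settling that either way would help implementers. Minor wording: on line 846, "revalidating it on the origin server" reads better as "with the origin server".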
     
    24772486      "Clarify differences between / requirements for request and response CC directives"
    24782487    </t>
     2488        <t>
     2489                <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/174" />:
     2490                "Caching authenticated responses"
     2491        </t>
    24792492    <t>
    24802493      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/208" />:
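Review bot: the added eref on line 2489 points at http://trac.tools.ietf.org/wg/httpbis/trac/ticket/174, while the neighbouring entry on line 2493 uses http://tools.ietf.org/wg/httpbis/trac/ticket/208; the host differs between the two. Suggest using the same host form as the adjacent change-log entries so the ticket links stay uniform. The new t element is also indented more deeply than the entries around it, which is worth normalising in the same pass.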