Opened 12 years ago

Closed 12 years ago

Last modified 11 years ago

#12 closed design (fixed)

Invalidation after Update or Delete

Reported by: mnot@… Owned by:
Priority: Milestone: 01
Component: p6-cache Severity:
Keywords: Cc:

Description

There is some ambiguity in Section13.10 as to how the word 'only' binds here:

In order to prevent denial of service attacks, an invalidation based on the URI in a Location or Content-Location header MUST only be performed if the host part is the same as in the Request-URI.

The following clarification, along with separating the clause explaining the rationale for the rule, is suggested:

An invalidation based on the URI in a Location or Content-Location header MUST NOT be performed if the host part of that URI differs from the host part in the Request-URI. This helps prevent denial of service attacks.

Change History (3)

comment:1 Changed 12 years ago by fielding@…

  • Milestone set to 01
  • Resolution set to fixed
  • Status changed from new to closed
  • version set to 00

Fixed in [77]

comment:2 Changed 12 years ago by mnot@…

  • version changed from 00 to d00

comment:3 Changed 11 years ago by julian.reschke@…

  • Component set to p6-cache
Note: See TracTickets for help on using tickets.