Opened 13 years ago
Closed 12 years ago
#174 closed design (fixed)
Caching authenticated responses
Reported by: | mnot@… | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | 10 |
Component: | p6-cache | Severity: | Active WG Document |
Keywords: | Cc: |
Description
- The very last sentence of Sec 14.9.4 (under proxy-revalidate)
says: ...such authenticated responses also need the public cache control directive in order to allow them to be cached at all
Yet, Sec 14.8 lists three cache-control directives that allow a shared cache to reuse an authenticatd response: s-maxage, must-revalidate, and public.
- If must-revalidate alone is enough to allow an authenticated
response to be cached, and if proxy-revalidate is the same as must-revalidate for a shared cache, is proxy-revalidate alone enough to allow an authenticated response to be cached?
If so, should proxy-revalidate be listed in section 14.8?
- RFC 2617, Sec 3.2.2.5 says:
when a shared cache ... has received a request containing an Authorization header and a response from relaying that request, it MUST NOT return that response as a reply to any other request, unless one of two Cache-Control (see section 14.9 of [RFC2616]) directives was present in the response.
I believe this is referring to section 14.8, rather than 14.9, and "two" is not the right number?
- Finally, Sec 14.8 doesn't mention if a non-shared cache needs to treat
an authenticated response specially. I assume that a non-shared cache can store and reuse an authenticated response by default. Should that be made explicit?
Change History (5)
comment:1 Changed 12 years ago by mnot@…
comment:2 Changed 12 years ago by julian.reschke@…
- Milestone changed from unassigned to 10
- Priority set to normal
comment:3 Changed 12 years ago by mnot@…
- Resolution set to incorporated
- Status changed from new to closed
comment:4 Changed 12 years ago by mnot@…
- Resolution incorporated deleted
- Status changed from closed to reopened
comment:5 Changed 12 years ago by mnot@…
- Resolution set to fixed
- Status changed from reopened to closed
From [834]:
Clarify caching of authenticated responses by shared caches (see #174)