Cache Extensions can override no-store, etc.

[mnot@…]

p6 2.1 and 2.2 set up a list of rules that determine what can be stored and what can be used to satisfy a request, respectively, for caches.

Some of those steps don't allow cache-control extensions to override them. In 2.1:

• the "no-store" cache directive (see Section 3.2) does not appear in request or response header fields, and
• the "private" cache response directive (see Section 3.2.2 does not appear in the response, if the cache is shared, and
• the "Authorization" header field (see Section 4.1 of [Part7]) does not appear in the request, if the cache is shared, unless the response explicitly allows it (see Section 2.6), and

and in 2.2:

• selecting header fields nominated by the stored response (if any) match those presented (see Section 2.7), and
• the presented request and stored response are free from directives that would prevent its use (see Section 3.2 and Section 3.4), and
• the stored response is either:
  • fresh (see Section 2.3), or
  • allowed to be served stale (see Section 2.3.3), or
  • successfully validated (see Section 2.4).

[mnot@…]

Incorporated in [1291]