Loading ...
Sorry, an error occurred while loading the content.
 

Re: Specification of public cache-control directive

Expand Messages
  • A. Pagaltzis
    ... If that were the use case, it would be, but as it isn’t, it ain’t. (With apologies to Lewis Carrol.) Consider that clients will typically send auth
    Message 1 of 5 , Nov 30, 2007
      * Berend de Boer <berend@...> [2007-11-30 20:40]:
      > * A Pagaltzis <pagaltzis@...> writes:
      >> `Cache-Control: public` means “this representation isn’t
      >> private, you are free to show it to other people.”
      >
      > That's indeed how I read the spec now.
      >
      > But isn't it strange that the response doesn't appear in the
      > cache until it is first retrieved by an authenticated user? And
      > after the first authenticated request, everyone can see it?
      >
      > That still confuses me. That's weird behaviour.

      If that were the use case, it would be, but as it isn’t, it
      ain’t. (With apologies to Lewis Carrol.) Consider that clients
      will typically send auth credentials for *any* URI within a realm
      after seeing the first 401, and that without having seen a 401
      for a specific resource, intermediaries have no way to know
      whether the origin server actually requires authorisation for it.

      `Cache-Control: public` adresses that by giving the origin server
      a way to tell proxies “ignore the authent credentials in the
      request, this resource doesn’t actually require authorisation.”

      Regards,
      --
      Aristotle Pagaltzis // <http://plasmasturm.org/>
    Your message has been successfully submitted and would be delivered to recipients shortly.