Re: Specification of public cache-control directive
* Berend de Boer <berend@...> [2007-11-30 20:40]:
> * A Pagaltzis <pagaltzis@...> writes:
>> `Cache-Control: public` means “this representation isn’t
>> private, you are free to show it to other people.”
> That's indeed how I read the spec now.
> But isn't it strange that the response doesn't appear in the
> cache until it is first retrieved by an authenticated user? And
> after the first authenticated request, everyone can see it?
> That still confuses me. That's weird behaviour.

If that were the use case, it would be, but as it isn’t, it
ain’t. (With apologies to Lewis Carroll.) Consider that clients
will typically send auth credentials for *any* URI within a realm
after seeing the first 401, and that without having seen a 401
for a specific resource, intermediaries have no way to know
whether the origin server actually requires authorisation for it.
`Cache-Control: public` addresses that by giving the origin server
a way to tell proxies “ignore the authent credentials in the
request, this resource doesn’t actually require authorisation.”
Aristotle Pagaltzis // <http://plasmasturm.org/>
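
The behaviour discussed in this message, as an added example that is not part of the original post: a toy shared cache applying the rule that a response to a request carrying `Authorization` is reusable only when the response says so (`public`, `must-revalidate` or `s-maxage`). The class, the function names and the sample origin are constructed for illustration, and freshness and expiry are not modelled.

```python
# Added example: toy shared cache, not code from the thread. Header names are
# lowercase dict keys; freshness and expiry are deliberately not modelled.

# Response directives that let a shared cache reuse a response to a request
# that carried Authorization (RFC 7234 section 3.2).
ALLOW_WITH_AUTH = {"public", "must-revalidate", "s-maxage"}

def directives(cache_control):
    """Return the lowercased directive names of a Cache-Control value."""
    names = (part.partition("=")[0].strip().lower() for part in cache_control.split(","))
    return {n for n in names if n}

def shared_cache_may_store(request_headers, response_headers):
    cc = directives(response_headers.get("cache-control", ""))
    if cc & {"no-store", "private"}:
        return False
    if "authorization" in request_headers:
        # Credentials were sent: store only if the origin explicitly allows it.
        return bool(cc & ALLOW_WITH_AUTH)
    return True

class SharedCache:
    def __init__(self, origin):
        self.origin = origin  # callable(uri, request_headers) -> (status, headers, body)
        self.store = {}

    def fetch(self, uri, request_headers):
        if uri in self.store:  # served without contacting the origin
            return self.store[uri] + ("HIT",)
        status, headers, body = self.origin(uri, request_headers)
        if status == 200 and shared_cache_may_store(request_headers, headers):
            self.store[uri] = (status, headers, body)
        return (status, headers, body, "MISS")

def sample_origin(uri, request_headers):
    """Constructed origin: /logo.png is open, /report needs credentials."""
    if uri == "/logo.png":
        return (200, {"cache-control": "public, max-age=3600"}, "logo")
    if "authorization" not in request_headers:
        return (401, {"www-authenticate": 'Basic realm="constructed"'}, "")
    return (200, {"cache-control": "max-age=3600"}, "report for alice")

def demo():
    cache = SharedCache(sample_origin)
    creds = {"authorization": "Basic constructed-placeholder"}  # constructed value
    return [cache.fetch(uri, hdrs)[::3] for uri, hdrs in [
        ("/logo.png", creds), ("/logo.png", {}),  # stored despite credentials, then shared
        ("/report", creds), ("/report", {}),      # never stored; anonymous client gets 401
    ]]
```

If `sample_origin` marked `/report` as `public`, the anonymous fetch would become a HIT carrying the authenticated user's body, which is why the directive belongs only on resources that need no authorisation.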