httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: mod_proxy: HTTP/1.1 support
Date Thu, 09 Mar 2000 14:28:30 GMT
Yves Lafon wrote:

> If it is no-cache in the request, the cache won't be used. I also
> invalidate the cache entry if any, so that it is an easy way to flush
> stale entries in the cache (well not stale in the cache, but compared to
> the origin server).
> Server, side, it acts like a Cache-Control: must-revalidate, max-age=0,
> according to 14.9.1.


>   3. If the response includes the "public" cache-control directive,
>      it MAY be returned in reply to any subsequent request.
> So yes, even if the subsequent request does not provide any authorization,
> it is valid to send the cached entry back.

Cool - that's what I thought, but there was much talk of revalidation in
there, it didn't make it 100% clear that it was possible for
Cache-Control: public to make a password protected resource accessible
without credentials being checked.

The code is finished - I just need to thoroughly test it before I submit


View raw message