httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <>
Subject Re: cache trouble (Re: [vote] 2.1.9 as beta)
Date Mon, 07 Nov 2005 21:10:41 GMT
On Nov 7, 2005, at 1:01 PM, Paul Querna wrote:
>> If there is a compelling reason to support not adding Cache-Control:
>> private to authenticated requests, then it's definitely an option, 
>> but I
>> think we should default to the safe option for now.
> The compelling reason is that this implies that even for the DEFAULT
> configuration of apache, we should be sending cache-control private, 
> for
> EVERY page served.


> This also implies that if we you use mod_rewrite based on any
> non-Varied-Header information, you should be setting Cache-Control:
> Private too.

No, you should be setting Vary: * if the content varies.  That is
also required by HTTP.

The default in all cases should be HTTP-compliant.  You can define
additional directives for overriding compliance by consent of
the owner, but we shouldn't ship a server that doesn't work
correctly by default.


View raw message