Re: Issues-list item "CACHING-CGI"
http-wg@cuckoo.hpl.hp.com
Wed, 16 Apr 1997 11:54:48 +0100
>The question here is "when should a cache store and reuse a response
>from a CGI script?".
CGI is no different than any other part of the server. I think it
is a mistake to encode namespace assumptions into the protocol,
particularly when we have already provided a means for origin servers
to explicitly mark something as non-cachable.
> We note one exception to this rule: since some applications have
> traditionally used GETs and HEADs with query URLs (those containing a
> "?" in the rel_path part) to perform operations with significant side
> effects, caches MUST NOT treat responses to such URLs as fresh unless
> the server provides an explicit expiration time. This specifically
> means that responses from HTTP/1.0 servers for such URIs should not
> be taken from a cache. See section 9.1.1 for related information.
I would prefer to delete the above from the spec.
>[9.1.1 defines "safe methods".]
>
>I propose adding this to the end of section 13.9:
>
> Note that some HTTP/1.0 cache operators have found that it is
> dangerous to cache responses to requests for URLs including the
> string "cgi-bin". HTTP/1.1 caches should follow this practice
> for responses that do not include an explicit expiration time.
> HTTP/1.1 origin servers that want to allow caching of responses
> for URLs including "?" or "cgi-bin" SHOULD include an explicit
> expiration time. Explicit expiration times may be specified
> using Expires, or the max-age directive of Cache-Control, or
> both.
I think it is a bad idea -- whether or not a resource is based on
a script has nothing to do with its cachability. If we need a backwards
way to protect against old CGI scripts, then use the Last-Modified
distinction that Ari mentioned.
.....Roy