mirror of
https://git.friendi.ca/friendica/friendica-addons.git
synced 2024-12-23 05:50:16 +00:00
2352 lines
80 KiB
Text
2352 lines
80 KiB
Text
|
||
|
||
|
||
HTTPbis Working Group R. Fielding, Ed.
|
||
Internet-Draft Day Software
|
||
Obsoletes: 2616 (if approved) J. Gettys
|
||
Intended status: Standards Track Alcatel-Lucent
|
||
Expires: February 5, 2011 J. Mogul
|
||
HP
|
||
H. Frystyk
|
||
Microsoft
|
||
L. Masinter
|
||
Adobe Systems
|
||
P. Leach
|
||
Microsoft
|
||
T. Berners-Lee
|
||
W3C/MIT
|
||
Y. Lafon, Ed.
|
||
W3C
|
||
M. Nottingham, Ed.
|
||
|
||
J. Reschke, Ed.
|
||
greenbytes
|
||
August 4, 2010
|
||
|
||
|
||
HTTP/1.1, part 6: Caching
|
||
draft-ietf-httpbis-p6-cache-11
|
||
|
||
Abstract
|
||
|
||
The Hypertext Transfer Protocol (HTTP) is an application-level
|
||
protocol for distributed, collaborative, hypermedia information
|
||
systems. This document is Part 6 of the seven-part specification
|
||
that defines the protocol referred to as "HTTP/1.1" and, taken
|
||
together, obsoletes RFC 2616. Part 6 defines requirements on HTTP
|
||
caches and the associated header fields that control cache behavior
|
||
or indicate cacheable response messages.
|
||
|
||
Editorial Note (To be removed by RFC Editor)
|
||
|
||
Discussion of this draft should take place on the HTTPBIS working
|
||
group mailing list (ietf-http-wg@w3.org). The current issues list is
|
||
at <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
|
||
documents (including fancy diffs) can be found at
|
||
<http://tools.ietf.org/wg/httpbis/>.
|
||
|
||
The changes in this draft are summarized in Appendix C.12.
|
||
|
||
Status of This Memo
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 1]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
This Internet-Draft is submitted in full conformance with the
|
||
provisions of BCP 78 and BCP 79.
|
||
|
||
Internet-Drafts are working documents of the Internet Engineering
|
||
Task Force (IETF). Note that other groups may also distribute
|
||
working documents as Internet-Drafts. The list of current Internet-
|
||
Drafts is at http://datatracker.ietf.org/drafts/current/.
|
||
|
||
Internet-Drafts are draft documents valid for a maximum of six months
|
||
and may be updated, replaced, or obsoleted by other documents at any
|
||
time. It is inappropriate to use Internet-Drafts as reference
|
||
material or to cite them other than as "work in progress."
|
||
|
||
This Internet-Draft will expire on February 5, 2011.
|
||
|
||
Copyright Notice
|
||
|
||
Copyright (c) 2010 IETF Trust and the persons identified as the
|
||
document authors. All rights reserved.
|
||
|
||
This document is subject to BCP 78 and the IETF Trust's Legal
|
||
Provisions Relating to IETF Documents
|
||
(http://trustee.ietf.org/license-info) in effect on the date of
|
||
publication of this document. Please review these documents
|
||
carefully, as they describe your rights and restrictions with respect
|
||
to this document. Code Components extracted from this document must
|
||
include Simplified BSD License text as described in Section 4.e of
|
||
the Trust Legal Provisions and are provided without warranty as
|
||
described in the Simplified BSD License.
|
||
|
||
This document may contain material from IETF Documents or IETF
|
||
Contributions published or made publicly available before November
|
||
10, 2008. The person(s) controlling the copyright in some of this
|
||
material may not have granted the IETF Trust the right to allow
|
||
modifications of such material outside the IETF Standards Process.
|
||
Without obtaining an adequate license from the person(s) controlling
|
||
the copyright in such materials, this document may not be modified
|
||
outside the IETF Standards Process, and derivative works of it may
|
||
not be created outside the IETF Standards Process, except to format
|
||
it for publication as an RFC or to translate it into languages other
|
||
than English.
|
||
|
||
Table of Contents
|
||
|
||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
|
||
1.1. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . 5
|
||
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
|
||
1.3. Requirements . . . . . . . . . . . . . . . . . . . . . . . 6
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 2]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
1.4. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 7
|
||
1.4.1. Core Rules . . . . . . . . . . . . . . . . . . . . . . 7
|
||
1.4.2. ABNF Rules defined in other Parts of the
|
||
Specification . . . . . . . . . . . . . . . . . . . . 7
|
||
2. Cache Operation . . . . . . . . . . . . . . . . . . . . . . . 7
|
||
2.1. Response Cacheability . . . . . . . . . . . . . . . . . . 7
|
||
2.1.1. Storing Partial and Incomplete Responses . . . . . . . 8
|
||
2.2. Constructing Responses from Caches . . . . . . . . . . . . 9
|
||
2.3. Freshness Model . . . . . . . . . . . . . . . . . . . . . 10
|
||
2.3.1. Calculating Freshness Lifetime . . . . . . . . . . . . 11
|
||
2.3.2. Calculating Age . . . . . . . . . . . . . . . . . . . 12
|
||
2.3.3. Serving Stale Responses . . . . . . . . . . . . . . . 13
|
||
2.4. Validation Model . . . . . . . . . . . . . . . . . . . . . 14
|
||
2.5. Request Methods that Invalidate . . . . . . . . . . . . . 14
|
||
2.6. Shared Caching of Authenticated Responses . . . . . . . . 15
|
||
2.7. Caching Negotiated Responses . . . . . . . . . . . . . . . 16
|
||
2.8. Combining Responses . . . . . . . . . . . . . . . . . . . 16
|
||
3. Header Field Definitions . . . . . . . . . . . . . . . . . . . 17
|
||
3.1. Age . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
|
||
3.2. Cache-Control . . . . . . . . . . . . . . . . . . . . . . 18
|
||
3.2.1. Request Cache-Control Directives . . . . . . . . . . . 18
|
||
3.2.2. Response Cache-Control Directives . . . . . . . . . . 20
|
||
3.2.3. Cache Control Extensions . . . . . . . . . . . . . . . 22
|
||
3.3. Expires . . . . . . . . . . . . . . . . . . . . . . . . . 24
|
||
3.4. Pragma . . . . . . . . . . . . . . . . . . . . . . . . . . 24
|
||
3.5. Vary . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
|
||
3.6. Warning . . . . . . . . . . . . . . . . . . . . . . . . . 26
|
||
4. History Lists . . . . . . . . . . . . . . . . . . . . . . . . 28
|
||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28
|
||
5.1. Cache Directive Registry . . . . . . . . . . . . . . . . . 28
|
||
5.2. Header Field Registration . . . . . . . . . . . . . . . . 29
|
||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 29
|
||
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 30
|
||
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 30
|
||
8.1. Normative References . . . . . . . . . . . . . . . . . . . 30
|
||
8.2. Informative References . . . . . . . . . . . . . . . . . . 31
|
||
Appendix A. Changes from RFC 2616 . . . . . . . . . . . . . . . . 31
|
||
Appendix B. Collected ABNF . . . . . . . . . . . . . . . . . . . 31
|
||
Appendix C. Change Log (to be removed by RFC Editor before
|
||
publication) . . . . . . . . . . . . . . . . . . . . 33
|
||
C.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 33
|
||
C.2. Since draft-ietf-httpbis-p6-cache-00 . . . . . . . . . . . 33
|
||
C.3. Since draft-ietf-httpbis-p6-cache-01 . . . . . . . . . . . 34
|
||
C.4. Since draft-ietf-httpbis-p6-cache-02 . . . . . . . . . . . 34
|
||
C.5. Since draft-ietf-httpbis-p6-cache-03 . . . . . . . . . . . 34
|
||
C.6. Since draft-ietf-httpbis-p6-cache-04 . . . . . . . . . . . 34
|
||
C.7. Since draft-ietf-httpbis-p6-cache-05 . . . . . . . . . . . 35
|
||
C.8. Since draft-ietf-httpbis-p6-cache-06 . . . . . . . . . . . 35
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 3]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
C.9. Since draft-ietf-httpbis-p6-cache-07 . . . . . . . . . . . 35
|
||
C.10. Since draft-ietf-httpbis-p6-cache-08 . . . . . . . . . . . 36
|
||
C.11. Since draft-ietf-httpbis-p6-cache-09 . . . . . . . . . . . 36
|
||
C.12. Since draft-ietf-httpbis-p6-cache-10 . . . . . . . . . . . 37
|
||
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 4]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
1. Introduction
|
||
|
||
HTTP is typically used for distributed information systems, where
|
||
performance can be improved by the use of response caches. This
|
||
document defines aspects of HTTP/1.1 related to caching and reusing
|
||
response messages.
|
||
|
||
1.1. Purpose
|
||
|
||
An HTTP cache is a local store of response messages and the subsystem
|
||
that controls its message storage, retrieval, and deletion. A cache
|
||
stores cacheable responses in order to reduce the response time and
|
||
network bandwidth consumption on future, equivalent requests. Any
|
||
client or server MAY employ a cache, though a cache cannot be used by
|
||
a server that is acting as a tunnel.
|
||
|
||
Caching would be useless if it did not significantly improve
|
||
performance. The goal of caching in HTTP/1.1 is to reuse a prior
|
||
response message to satisfy a current request. In some cases, a
|
||
stored response can be reused without the need for a network request,
|
||
reducing latency and network round-trips; a "freshness" mechanism is
|
||
used for this purpose (see Section 2.3). Even when a new request is
|
||
required, it is often possible to reuse all or parts of the payload
|
||
of a prior response to satisfy the request, thereby reducing network
|
||
bandwidth usage; a "validation" mechanism is used for this purpose
|
||
(see Section 2.4).
|
||
|
||
1.2. Terminology
|
||
|
||
This specification uses a number of terms to refer to the roles
|
||
played by participants in, and objects of, HTTP caching.
|
||
|
||
cacheable
|
||
|
||
A response is cacheable if a cache is allowed to store a copy of
|
||
the response message for use in answering subsequent requests.
|
||
Even when a response is cacheable, there might be additional
|
||
constraints on whether a cache can use the cached copy to satisfy
|
||
a particular request.
|
||
|
||
explicit expiration time
|
||
|
||
The time at which the origin server intends that a representation
|
||
no longer be returned by a cache without further validation.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 5]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
heuristic expiration time
|
||
|
||
An expiration time assigned by a cache when no explicit expiration
|
||
time is available.
|
||
|
||
age
|
||
|
||
The age of a response is the time since it was sent by, or
|
||
successfully validated with, the origin server.
|
||
|
||
first-hand
|
||
|
||
A response is first-hand if the freshness model is not in use;
|
||
i.e., its age is 0.
|
||
|
||
freshness lifetime
|
||
|
||
The length of time between the generation of a response and its
|
||
expiration time.
|
||
|
||
fresh
|
||
|
||
A response is fresh if its age has not yet exceeded its freshness
|
||
lifetime.
|
||
|
||
stale
|
||
|
||
A response is stale if its age has passed its freshness lifetime
|
||
(either explicit or heuristic).
|
||
|
||
validator
|
||
|
||
A protocol element (e.g., an entity-tag or a Last-Modified time)
|
||
that is used to find out whether a stored response has an
|
||
equivalent copy of a representation.
|
||
|
||
shared cache
|
||
|
||
A cache that is accessible to more than one user. A non-shared
|
||
cache is dedicated to a single user.
|
||
|
||
1.3. Requirements
|
||
|
||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
||
document are to be interpreted as described in [RFC2119].
|
||
|
||
An implementation is not compliant if it fails to satisfy one or more
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 6]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
of the "MUST" or "REQUIRED" level requirements for the protocols it
|
||
implements. An implementation that satisfies all the "MUST" or
|
||
"REQUIRED" level and all the "SHOULD" level requirements for its
|
||
protocols is said to be "unconditionally compliant"; one that
|
||
satisfies all the "MUST" level requirements but not all the "SHOULD"
|
||
level requirements for its protocols is said to be "conditionally
|
||
compliant".
|
||
|
||
1.4. Syntax Notation
|
||
|
||
This specification uses the ABNF syntax defined in Section 1.2 of
|
||
[Part1] (which extends the syntax defined in [RFC5234] with a list
|
||
rule). Appendix B shows the collected ABNF, with the list rule
|
||
expanded.
|
||
|
||
The following core rules are included by reference, as defined in
|
||
[RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
|
||
(CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
|
||
HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit
|
||
sequence of data), SP (space), VCHAR (any visible USASCII character),
|
||
and WSP (whitespace).
|
||
|
||
1.4.1. Core Rules
|
||
|
||
The core rules below are defined in Section 1.2.2 of [Part1]:
|
||
|
||
quoted-string = <quoted-string, defined in [Part1], Section 1.2.2>
|
||
token = <token, defined in [Part1], Section 1.2.2>
|
||
OWS = <OWS, defined in [Part1], Section 1.2.2>
|
||
|
||
1.4.2. ABNF Rules defined in other Parts of the Specification
|
||
|
||
The ABNF rules below are defined in other parts:
|
||
|
||
field-name = <field-name, defined in [Part1], Section 3.2>
|
||
HTTP-date = <HTTP-date, defined in [Part1], Section 6.1>
|
||
port = <port, defined in [Part1], Section 2.6>
|
||
pseudonym = <pseudonym, defined in [Part1], Section 9.9>
|
||
uri-host = <uri-host, defined in [Part1], Section 2.6>
|
||
|
||
2. Cache Operation
|
||
|
||
2.1. Response Cacheability
|
||
|
||
A cache MUST NOT store a response to any request, unless:
|
||
|
||
o The request method is understood by the cache and defined as being
|
||
cacheable, and
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 7]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
o the response status code is understood by the cache, and
|
||
|
||
o the "no-store" cache directive (see Section 3.2) does not appear
|
||
in request or response headers, and
|
||
|
||
o the "private" cache response directive (see Section 3.2.2 does not
|
||
appear in the response, if the cache is shared, and
|
||
|
||
o the "Authorization" header (see Section 3.1 of [Part7]) does not
|
||
appear in the request, if the cache is shared, unless the response
|
||
explicitly allows it (see Section 2.6), and
|
||
|
||
o the response either:
|
||
|
||
* contains an Expires header (see Section 3.3), or
|
||
|
||
* contains a max-age response cache directive (see
|
||
Section 3.2.2), or
|
||
|
||
* contains a s-maxage response cache directive and the cache is
|
||
shared, or
|
||
|
||
* contains a Cache Control Extension (see Section 3.2.3) that
|
||
allows it to be cached, or
|
||
|
||
* has a status code that can be served with heuristic freshness
|
||
(see Section 2.3.1.1).
|
||
|
||
In this context, a cache has "understood" a request method or a
|
||
response status code if it recognises it and implements any cache-
|
||
specific behaviour. In particular, 206 Partial Content responses
|
||
cannot be cached by an implementation that does not handle partial
|
||
content (see Section 2.1.1).
|
||
|
||
Note that in normal operation, most caches will not store a response
|
||
that has neither a cache validator nor an explicit expiration time,
|
||
as such responses are not usually useful to store. However, caches
|
||
are not prohibited from storing such responses.
|
||
|
||
2.1.1. Storing Partial and Incomplete Responses
|
||
|
||
A cache that receives an incomplete response (for example, with fewer
|
||
bytes of data than specified in a Content-Length header) can store
|
||
the response, but MUST treat it as a partial response [Part5].
|
||
Partial responses can be combined as described in Section 4 of
|
||
[Part5]; the result might be a full response or might still be
|
||
partial. A cache MUST NOT return a partial response to a client
|
||
without explicitly marking it as such using the 206 (Partial Content)
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 8]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
status code.
|
||
|
||
A cache that does not support the Range and Content-Range headers
|
||
MUST NOT store incomplete or partial responses.
|
||
|
||
2.2. Constructing Responses from Caches
|
||
|
||
For a presented request, a cache MUST NOT return a stored response,
|
||
unless:
|
||
|
||
o The presented effective request URI (Section 4.3 of [Part1]) and
|
||
that of the stored response match, and
|
||
|
||
o the request method associated with the stored response allows it
|
||
to be used for the presented request, and
|
||
|
||
o selecting request-headers nominated by the stored response (if
|
||
any) match those presented (see Section 2.7), and
|
||
|
||
o the presented request and stored response are free from directives
|
||
that would prevent its use (see Section 3.2 and Section 3.4), and
|
||
|
||
o the stored response is either:
|
||
|
||
* fresh (see Section 2.3), or
|
||
|
||
* allowed to be served stale (see Section 2.3.3), or
|
||
|
||
* successfully validated (see Section 2.4).
|
||
|
||
When a stored response is used to satisfy a request without
|
||
validation, caches MUST include a single Age header field
|
||
(Section 3.1) in the response with a value equal to the stored
|
||
response's current_age; see Section 2.3.2.
|
||
|
||
Requests with methods that are unsafe (Section 7.1.1 of [Part2]) MUST
|
||
be written through the cache to the origin server; i.e., a cache must
|
||
not reply to such a request before having forwarded the request and
|
||
having received a corresponding response.
|
||
|
||
Also, note that unsafe requests might invalidate already stored
|
||
responses; see Section 2.5.
|
||
|
||
Caches MUST use the most recent response (as determined by the Date
|
||
header) when more than one suitable response is stored. They can
|
||
also forward a request with "Cache-Control: max-age=0" or "Cache-
|
||
Control: no-cache" to disambiguate which response to use.
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 9]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
2.3. Freshness Model
|
||
|
||
When a response is "fresh" in the cache, it can be used to satisfy
|
||
subsequent requests without contacting the origin server, thereby
|
||
improving efficiency.
|
||
|
||
The primary mechanism for determining freshness is for an origin
|
||
server to provide an explicit expiration time in the future, using
|
||
either the Expires header (Section 3.3) or the max-age response cache
|
||
directive (Section 3.2.2). Generally, origin servers will assign
|
||
future explicit expiration times to responses in the belief that the
|
||
representation is not likely to change in a semantically significant
|
||
way before the expiration time is reached.
|
||
|
||
If an origin server wishes to force a cache to validate every
|
||
request, it can assign an explicit expiration time in the past to
|
||
indicate that the response is already stale. Compliant caches will
|
||
validate the cached response before reusing it for subsequent
|
||
requests.
|
||
|
||
Since origin servers do not always provide explicit expiration times,
|
||
HTTP caches MAY assign heuristic expiration times when explicit times
|
||
are not specified, employing algorithms that use other header values
|
||
(such as the Last-Modified time) to estimate a plausible expiration
|
||
time. The HTTP/1.1 specification does not provide specific
|
||
algorithms, but does impose worst-case constraints on their results.
|
||
|
||
The calculation to determine if a response is fresh is:
|
||
|
||
response_is_fresh = (freshness_lifetime > current_age)
|
||
|
||
The freshness_lifetime is defined in Section 2.3.1; the current_age
|
||
is defined in Section 2.3.2.
|
||
|
||
Additionally, clients might need to influence freshness calculation.
|
||
They can do this using several request cache directives, with the
|
||
effect of either increasing or loosening constraints on freshness.
|
||
See Section 3.2.1.
|
||
|
||
[[ISSUE-no-req-for-directives: there are not requirements directly
|
||
applying to cache-request-directives and freshness.]]
|
||
|
||
Note that freshness applies only to cache operation; it cannot be
|
||
used to force a user agent to refresh its display or reload a
|
||
resource. See Section 4 for an explanation of the difference between
|
||
caches and history mechanisms.
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 10]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
2.3.1. Calculating Freshness Lifetime
|
||
|
||
A cache can calculate the freshness lifetime (denoted as
|
||
freshness_lifetime) of a response by using the first match of:
|
||
|
||
o If the cache is shared and the s-maxage response cache directive
|
||
(Section 3.2.2) is present, use its value, or
|
||
|
||
o If the max-age response cache directive (Section 3.2.2) is
|
||
present, use its value, or
|
||
|
||
o If the Expires response header (Section 3.3) is present, use its
|
||
value minus the value of the Date response header, or
|
||
|
||
o Otherwise, no explicit expiration time is present in the response.
|
||
A heuristic freshness lifetime might be applicable; see
|
||
Section 2.3.1.1.
|
||
|
||
Note that this calculation is not vulnerable to clock skew, since all
|
||
of the information comes from the origin server.
|
||
|
||
2.3.1.1. Calculating Heuristic Freshness
|
||
|
||
If no explicit expiration time is present in a stored response that
|
||
has a status code whose definition allows heuristic freshness to be
|
||
used (including the following in Section 8 of [Part2]: 200, 203, 206,
|
||
300, 301 and 410), a heuristic expiration time MAY be calculated.
|
||
Heuristics MUST NOT be used for response status codes that do not
|
||
explicitly allow it.
|
||
|
||
When a heuristic is used to calculate freshness lifetime, the cache
|
||
SHOULD attach a Warning header with a 113 warn-code to the response
|
||
if its current_age is more than 24 hours and such a warning is not
|
||
already present.
|
||
|
||
Also, if the response has a Last-Modified header (Section 6.6 of
|
||
[Part4]), the heuristic expiration value SHOULD be no more than some
|
||
fraction of the interval since that time. A typical setting of this
|
||
fraction might be 10%.
|
||
|
||
Note: RFC 2616 ([RFC2616], Section 13.9) required that caches do
|
||
not calculate heuristic freshness for URLs with query components
|
||
(i.e., those containing '?'). In practice, this has not been
|
||
widely implemented. Therefore, servers are encouraged to send
|
||
explicit directives (e.g., Cache-Control: no-cache) if they wish
|
||
to preclude caching.
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 11]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
2.3.2. Calculating Age
|
||
|
||
HTTP/1.1 uses the Age response-header to convey the estimated age of
|
||
the response message when obtained from a cache. The Age field value
|
||
is the cache's estimate of the amount of time since the response was
|
||
generated or validated by the origin server. In essence, the Age
|
||
value is the sum of the time that the response has been resident in
|
||
each of the caches along the path from the origin server, plus the
|
||
amount of time it has been in transit along network paths.
|
||
|
||
The following data is used for the age calculation:
|
||
|
||
age_value
|
||
|
||
The term "age_value" denotes the value of the Age header
|
||
(Section 3.1), in a form appropriate for arithmetic operation; or
|
||
0, if not available.
|
||
|
||
date_value
|
||
|
||
HTTP/1.1 requires origin servers to send a Date header, if
|
||
possible, with every response, giving the time at which the
|
||
response was generated. The term "date_value" denotes the value
|
||
of the Date header, in a form appropriate for arithmetic
|
||
operations. See Section 9.3 of [Part1] for the definition of the
|
||
Date header, and for requirements regarding responses without a
|
||
Date response header.
|
||
|
||
now
|
||
|
||
The term "now" means "the current value of the clock at the host
|
||
performing the calculation". Hosts that use HTTP, but especially
|
||
hosts running origin servers and caches, SHOULD use NTP
|
||
([RFC1305]) or some similar protocol to synchronize their clocks
|
||
to a globally accurate time standard.
|
||
|
||
request_time
|
||
|
||
The current value of the clock at the host at the time the request
|
||
resulting in the stored response was made.
|
||
|
||
response_time
|
||
|
||
The current value of the clock at the host at the time the
|
||
response was received.
|
||
|
||
A response's age can be calculated in two entirely independent ways:
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 12]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
1. the "apparent_age": response_time minus date_value, if the local
|
||
clock is reasonably well synchronized to the origin server's
|
||
clock. If the result is negative, the result is replaced by
|
||
zero.
|
||
|
||
2. the "corrected_age_value", if all of the caches along the
|
||
response path implement HTTP/1.1; note this value MUST be
|
||
interpreted relative to the time the request was initiated, not
|
||
the time that the response was received.
|
||
|
||
|
||
apparent_age = max(0, response_time - date_value);
|
||
|
||
response_delay = response_time - request_time;
|
||
corrected_age_value = age_value + response_delay;
|
||
|
||
These are combined as
|
||
|
||
corrected_initial_age = max(apparent_age, corrected_age_value);
|
||
|
||
The current_age of a stored response can then be calculated by adding
|
||
the amount of time (in seconds) since the stored response was last
|
||
validated by the origin server to the corrected_initial_age.
|
||
|
||
resident_time = now - response_time;
|
||
current_age = corrected_initial_age + resident_time;
|
||
|
||
2.3.3. Serving Stale Responses
|
||
|
||
A "stale" response is one that either has explicit expiry information
|
||
or is allowed to have heuristic expiry calculated, but is not fresh
|
||
according to the calculations in Section 2.3.
|
||
|
||
Caches MUST NOT return a stale response if it is prohibited by an
|
||
explicit in-protocol directive (e.g., by a "no-store" or "no-cache"
|
||
cache directive, a "must-revalidate" cache-response-directive, or an
|
||
applicable "s-maxage" or "proxy-revalidate" cache-response-directive;
|
||
see Section 3.2.2).
|
||
|
||
Caches SHOULD NOT return stale responses unless they are disconnected
|
||
(i.e., it cannot contact the origin server or otherwise find a
|
||
forward path) or otherwise explicitly allowed (e.g., the max-stale
|
||
request directive; see Section 3.2.1).
|
||
|
||
Stale responses SHOULD have a Warning header with the 110 warn-code
|
||
(see Section 3.6). Likewise, the 112 warn-code SHOULD be sent on
|
||
stale responses if the cache is disconnected.
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 13]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
If a cache receives a first-hand response (either an entire response,
|
||
or a 304 (Not Modified) response) that it would normally forward to
|
||
the requesting client, and the received response is no longer fresh,
|
||
the cache SHOULD forward it to the requesting client without adding a
|
||
new Warning (but without removing any existing Warning headers). A
|
||
cache SHOULD NOT attempt to validate a response simply because that
|
||
response became stale in transit.
|
||
|
||
2.4. Validation Model
|
||
|
||
When a cache has one or more stored responses for a requested URI,
|
||
but cannot serve any of them (e.g., because they are not fresh, or
|
||
one cannot be selected; see Section 2.7), it can use the conditional
|
||
request mechanism [Part4] in the forwarded request to give the origin
|
||
server an opportunity to both select a valid stored response to be
|
||
used, and to update it. This process is known as "validating" or
|
||
"revalidating" the stored response.
|
||
|
||
When sending such a conditional request, the cache SHOULD add an If-
|
||
Modified-Since header whose value is that of the Last-Modified header
|
||
from the selected (see Section 2.7) stored response, if available.
|
||
|
||
Additionally, the cache SHOULD add an If-None-Match header whose
|
||
value is that of the ETag header(s) from all responses stored for the
|
||
requested URI, if present. However, if any of the stored responses
|
||
contains only partial content, its entity-tag SHOULD NOT be included
|
||
in the If-None-Match header field unless the request is for a range
|
||
that would be fully satisfied by that stored response.
|
||
|
||
A 304 (Not Modified) response status code indicates that the stored
|
||
response can be updated and reused; see Section 2.8.
|
||
|
||
A full response (i.e., one with a response body) indicates that none
|
||
of the stored responses nominated in the conditional request is
|
||
suitable. Instead, the full response SHOULD be used to satisfy the
|
||
request and MAY replace the stored response.
|
||
|
||
If a cache receives a 5xx response while attempting to validate a
|
||
response, it MAY either forward this response to the requesting
|
||
client, or act as if the server failed to respond. In the latter
|
||
case, it MAY return a previously stored response (see Section 2.3.3).
|
||
|
||
2.5. Request Methods that Invalidate
|
||
|
||
Because unsafe methods (Section 7.1.1 of [Part2]) have the potential
|
||
for changing state on the origin server, intervening caches can use
|
||
them to keep their contents up-to-date.
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 14]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
The following HTTP methods MUST cause a cache to invalidate the
|
||
effective Request URI (Section 4.3 of [Part1]) as well as the URI(s)
|
||
in the Location and Content-Location headers (if present):
|
||
|
||
o PUT
|
||
|
||
o DELETE
|
||
|
||
o POST
|
||
|
||
An invalidation based on a URI from a Location or Content-Location
|
||
header MUST NOT be performed if the host part of that URI differs
|
||
from the host part in the effective request URI (Section 4.3 of
|
||
[Part1]). This helps prevent denial of service attacks.
|
||
|
||
A cache that passes through requests for methods it does not
|
||
understand SHOULD invalidate the effective request URI (Section 4.3
|
||
of [Part1]).
|
||
|
||
Here, "invalidate" means that the cache will either remove all stored
|
||
responses related to the effective request URI, or will mark these as
|
||
"invalid" and in need of a mandatory validation before they can be
|
||
returned in response to a subsequent request.
|
||
|
||
Note that this does not guarantee that all appropriate responses are
|
||
invalidated. For example, the request that caused the change at the
|
||
origin server might not have gone through the cache where a response
|
||
is stored.
|
||
|
||
2.6. Shared Caching of Authenticated Responses
|
||
|
||
Shared caches MUST NOT use a cached response to a request with an
|
||
Authorization header (Section 3.1 of [Part7]) to satisfy any
|
||
subsequent request unless a cache directive that allows such
|
||
responses to be stored is present in the response.
|
||
|
||
In this specification, the following Cache-Control response
|
||
directives (Section 3.2.2) have such an effect: must-revalidate,
|
||
public, s-maxage.
|
||
|
||
Note that cached responses that contain the "must-revalidate" and/or
|
||
"s-maxage" response directives are not allowed to be served stale
|
||
(Section 2.3.3) by shared caches. In particular, a response with
|
||
either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to
|
||
satisfy a subsequent request without revalidating it on the origin
|
||
server.
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 15]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
2.7. Caching Negotiated Responses
|
||
|
||
When a cache receives a request that can be satisfied by a stored
|
||
response that has a Vary header field (Section 3.5), it MUST NOT use
|
||
that response unless all of the selecting request-headers nominated
|
||
by the Vary header match in both the original request (i.e., that
|
||
associated with the stored response), and the presented request.
|
||
|
||
The selecting request-headers from two requests are defined to match
|
||
if and only if those in the first request can be transformed to those
|
||
in the second request by applying any of the following:
|
||
|
||
o adding or removing whitespace, where allowed in the header's
|
||
syntax
|
||
|
||
o combining multiple message-header fields with the same field name
|
||
(see Section 3.2 of [Part1])
|
||
|
||
o normalizing both header values in a way that is known to have
|
||
identical semantics, according to the header's specification
|
||
(e.g., re-ordering field values when order is not significant;
|
||
case-normalization, where values are defined to be case-
|
||
insensitive)
|
||
|
||
If (after any normalization that might take place) a header field is
|
||
absent from a request, it can only match another request if it is
|
||
also absent there.
|
||
|
||
A Vary header field-value of "*" always fails to match, and
|
||
subsequent requests to that resource can only be properly interpreted
|
||
by the origin server.
|
||
|
||
The stored response with matching selecting request-headers is known
|
||
as the selected response.
|
||
|
||
If no selected response is available, the cache MAY forward the
|
||
presented request to the origin server in a conditional request; see
|
||
Section 2.4.
|
||
|
||
2.8. Combining Responses
|
||
|
||
When a cache receives a 304 (Not Modified) response or a 206 (Partial
|
||
Content) response (in this section, the "new" response"), it needs to
|
||
created an updated response by combining the stored response with the
|
||
new one, so that the updated response can be used to satisfy the
|
||
request, and potentially update the cached response.
|
||
|
||
If the new response contains an ETag, it identifies the stored
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 16]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
response to use. [[TODO-mention-CL: might need language about
|
||
Content-Location here]][[TODO-select-for-combine: Shouldn't this be
|
||
the selected response?]]
|
||
|
||
If the new response's status code is 206 (partial content), both the
|
||
stored and new responses MUST have validators, and those validators
|
||
MUST match using the strong comparison function (see Section 4 of
|
||
[Part4]). Otherwise, the responses MUST NOT be combined.
|
||
|
||
The stored response headers are used as those of the updated
|
||
response, except that
|
||
|
||
o any stored Warning headers with warn-code 1xx (see Section 3.6)
|
||
MUST be deleted.
|
||
|
||
o any stored Warning headers with warn-code 2xx MUST be retained.
|
||
|
||
o any other headers provided in the new response MUST replace all
|
||
instances of the corresponding headers from the stored response.
|
||
|
||
The updated response headers MUST be used to replace those of the
|
||
stored response in cache (unless the stored response is removed from
|
||
cache). In the case of a 206 response, the combined representation
|
||
MAY be stored.
|
||
|
||
3. Header Field Definitions
|
||
|
||
This section defines the syntax and semantics of HTTP/1.1 header
|
||
fields related to caching.
|
||
|
||
3.1. Age
|
||
|
||
The "Age" response-header field conveys the sender's estimate of the
|
||
amount of time since the response was generated or successfully
|
||
validated at the origin server. Age values are calculated as
|
||
specified in Section 2.3.2.
|
||
|
||
Age = "Age" ":" OWS Age-v
|
||
Age-v = delta-seconds
|
||
|
||
Age field-values are non-negative integers, representing time in
|
||
seconds.
|
||
|
||
delta-seconds = 1*DIGIT
|
||
|
||
If a cache receives a value larger than the largest positive integer
|
||
it can represent, or if any of its age calculations overflows, it
|
||
MUST transmit an Age header with a field-value of 2147483648 (2^31).
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 17]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Caches SHOULD use an arithmetic type of at least 31 bits of range.
|
||
|
||
The presence of an Age header field in a response implies that a
|
||
response is not first-hand. However, the converse is not true, since
|
||
HTTP/1.0 caches might not implement the Age header field.
|
||
|
||
3.2. Cache-Control
|
||
|
||
The "Cache-Control" general-header field is used to specify
|
||
directives for caches along the request/response chain. Such cache
|
||
directives are unidirectional in that the presence of a directive in
|
||
a request does not imply that the same directive is to be given in
|
||
the response.
|
||
|
||
HTTP/1.1 caches MUST obey the requirements of the Cache-Control
|
||
directives defined in this section. See Section 3.2.3 for
|
||
information about how Cache-Control directives defined elsewhere are
|
||
handled.
|
||
|
||
Note: HTTP/1.0 caches might not implement Cache-Control and might
|
||
only implement Pragma: no-cache (see Section 3.4).
|
||
|
||
Cache directives MUST be passed through by a proxy or gateway
|
||
application, regardless of their significance to that application,
|
||
since the directives might be applicable to all recipients along the
|
||
request/response chain. It is not possible to target a directive to
|
||
a specific cache.
|
||
|
||
Cache-Control = "Cache-Control" ":" OWS Cache-Control-v
|
||
Cache-Control-v = 1#cache-directive
|
||
|
||
cache-directive = cache-request-directive
|
||
/ cache-response-directive
|
||
|
||
cache-extension = token [ "=" ( token / quoted-string ) ]
|
||
|
||
3.2.1. Request Cache-Control Directives
|
||
|
||
cache-request-directive =
|
||
"no-cache"
|
||
/ "no-store"
|
||
/ "max-age" "=" delta-seconds
|
||
/ "max-stale" [ "=" delta-seconds ]
|
||
/ "min-fresh" "=" delta-seconds
|
||
/ "no-transform"
|
||
/ "only-if-cached"
|
||
/ cache-extension
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 18]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
no-cache
|
||
|
||
The no-cache request directive indicates that a stored response
|
||
MUST NOT be used to satisfy the request without successful
|
||
validation on the origin server.
|
||
|
||
no-store
|
||
|
||
The no-store request directive indicates that a cache MUST NOT
|
||
store any part of either this request or any response to it. This
|
||
directive applies to both non-shared and shared caches. "MUST NOT
|
||
store" in this context means that the cache MUST NOT intentionally
|
||
store the information in non-volatile storage, and MUST make a
|
||
best-effort attempt to remove the information from volatile
|
||
storage as promptly as possible after forwarding it.
|
||
|
||
This directive is NOT a reliable or sufficient mechanism for
|
||
ensuring privacy. In particular, malicious or compromised caches
|
||
might not recognize or obey this directive, and communications
|
||
networks might be vulnerable to eavesdropping.
|
||
|
||
max-age
|
||
|
||
The max-age request directive indicates that the client is willing
|
||
to accept a response whose age is no greater than the specified
|
||
time in seconds. Unless the max-stale request directive is also
|
||
present, the client is not willing to accept a stale response.
|
||
|
||
max-stale
|
||
|
||
The max-stale request directive indicates that the client is
|
||
willing to accept a response that has exceeded its expiration
|
||
time. If max-stale is assigned a value, then the client is
|
||
willing to accept a response that has exceeded its expiration time
|
||
by no more than the specified number of seconds. If no value is
|
||
assigned to max-stale, then the client is willing to accept a
|
||
stale response of any age.
|
||
|
||
min-fresh
|
||
|
||
The min-fresh request directive indicates that the client is
|
||
willing to accept a response whose freshness lifetime is no less
|
||
than its current age plus the specified time in seconds. That is,
|
||
the client wants a response that will still be fresh for at least
|
||
the specified number of seconds.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 19]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
no-transform
|
||
|
||
The no-transform request directive indicates that an intermediate
|
||
cache or proxy MUST NOT change the Content-Encoding, Content-Range
|
||
or Content-Type request headers, nor the request representation.
|
||
|
||
only-if-cached
|
||
|
||
The only-if-cached request directive indicates that the client
|
||
only wishes to return a stored response. If it receives this
|
||
directive, a cache SHOULD either respond using a stored response
|
||
that is consistent with the other constraints of the request, or
|
||
respond with a 504 (Gateway Timeout) status code. If a group of
|
||
caches is being operated as a unified system with good internal
|
||
connectivity, such a request MAY be forwarded within that group of
|
||
caches.
|
||
|
||
3.2.2. Response Cache-Control Directives
|
||
|
||
cache-response-directive =
|
||
"public"
|
||
/ "private" [ "=" DQUOTE 1#field-name DQUOTE ]
|
||
/ "no-cache" [ "=" DQUOTE 1#field-name DQUOTE ]
|
||
/ "no-store"
|
||
/ "no-transform"
|
||
/ "must-revalidate"
|
||
/ "proxy-revalidate"
|
||
/ "max-age" "=" delta-seconds
|
||
/ "s-maxage" "=" delta-seconds
|
||
/ cache-extension
|
||
|
||
public
|
||
|
||
The public response directive indicates that the response MAY be
|
||
cached, even if it would normally be non-cacheable or cacheable
|
||
only within a non-shared cache. (See also Authorization, Section
|
||
3.1 of [Part7], for additional details.)
|
||
|
||
private
|
||
|
||
The private response directive indicates that the response message
|
||
is intended for a single user and MUST NOT be stored by a shared
|
||
cache. A private (non-shared) cache MAY store the response.
|
||
|
||
If the private response directive specifies one or more field-
|
||
names, this requirement is limited to the field-values associated
|
||
with the listed response headers. That is, the specified field-
|
||
names(s) MUST NOT be stored by a shared cache, whereas the
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 20]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
remainder of the response message MAY be.
|
||
|
||
Note: This usage of the word private only controls where the
|
||
response can be stored; it cannot ensure the privacy of the
|
||
message content. Also, private response directives with field-
|
||
names are often handled by implementations as if an unqualified
|
||
private directive was received; i.e., the special handling for the
|
||
qualified form is not widely implemented.
|
||
|
||
no-cache
|
||
|
||
The no-cache response directive indicates that the response MUST
|
||
NOT be used to satisfy a subsequent request without successful
|
||
validation on the origin server. This allows an origin server to
|
||
prevent a cache from using it to satisfy a request without
|
||
contacting it, even by caches that have been configured to return
|
||
stale responses.
|
||
|
||
If the no-cache response directive specifies one or more field-
|
||
names, this requirement is limited to the field-values associated
|
||
with the listed response headers. That is, the specified field-
|
||
name(s) MUST NOT be sent in the response to a subsequent request
|
||
without successful validation on the origin server. This allows
|
||
an origin server to prevent the re-use of certain header fields in
|
||
a response, while still allowing caching of the rest of the
|
||
response.
|
||
|
||
Note: Most HTTP/1.0 caches will not recognize or obey this
|
||
directive. Also, no-cache response directives with field-names
|
||
are often handled by implementations as if an unqualified no-cache
|
||
directive was received; i.e., the special handling for the
|
||
qualified form is not widely implemented.
|
||
|
||
no-store
|
||
|
||
The no-store response directive indicates that a cache MUST NOT
|
||
store any part of either the immediate request or response. This
|
||
directive applies to both non-shared and shared caches. "MUST NOT
|
||
store" in this context means that the cache MUST NOT intentionally
|
||
store the information in non-volatile storage, and MUST make a
|
||
best-effort attempt to remove the information from volatile
|
||
storage as promptly as possible after forwarding it.
|
||
|
||
This directive is NOT a reliable or sufficient mechanism for
|
||
ensuring privacy. In particular, malicious or compromised caches
|
||
might not recognize or obey this directive, and communications
|
||
networks might be vulnerable to eavesdropping.
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 21]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
must-revalidate
|
||
|
||
The must-revalidate response directive indicates that once it has
|
||
become stale, the response MUST NOT be used to satisfy subsequent
|
||
requests without successful validation on the origin server.
|
||
|
||
The must-revalidate directive is necessary to support reliable
|
||
operation for certain protocol features. In all circumstances an
|
||
HTTP/1.1 cache MUST obey the must-revalidate directive; in
|
||
particular, if the cache cannot reach the origin server for any
|
||
reason, it MUST generate a 504 (Gateway Timeout) response.
|
||
|
||
Servers SHOULD send the must-revalidate directive if and only if
|
||
failure to validate a request on the representation could result
|
||
in incorrect operation, such as a silently unexecuted financial
|
||
transaction.
|
||
|
||
proxy-revalidate
|
||
|
||
The proxy-revalidate response directive has the same meaning as
|
||
the must-revalidate response directive, except that it does not
|
||
apply to non-shared caches.
|
||
|
||
max-age
|
||
|
||
The max-age response directive indicates that response is to be
|
||
considered stale after its age is greater than the specified
|
||
number of seconds.
|
||
|
||
s-maxage
|
||
|
||
The s-maxage response directive indicates that, in shared caches,
|
||
the maximum age specified by this directive overrides the maximum
|
||
age specified by either the max-age directive or the Expires
|
||
header. The s-maxage directive also implies the semantics of the
|
||
proxy-revalidate response directive.
|
||
|
||
no-transform
|
||
|
||
The no-transform response directive indicates that an intermediate
|
||
cache or proxy MUST NOT change the Content-Encoding, Content-Range
|
||
or Content-Type response headers, nor the response representation.
|
||
|
||
3.2.3. Cache Control Extensions
|
||
|
||
The Cache-Control header field can be extended through the use of one
|
||
or more cache-extension tokens, each with an optional value.
|
||
Informational extensions (those that do not require a change in cache
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 22]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
behavior) can be added without changing the semantics of other
|
||
directives. Behavioral extensions are designed to work by acting as
|
||
modifiers to the existing base of cache directives. Both the new
|
||
directive and the standard directive are supplied, such that
|
||
applications that do not understand the new directive will default to
|
||
the behavior specified by the standard directive, and those that
|
||
understand the new directive will recognize it as modifying the
|
||
requirements associated with the standard directive. In this way,
|
||
extensions to the cache-control directives can be made without
|
||
requiring changes to the base protocol.
|
||
|
||
This extension mechanism depends on an HTTP cache obeying all of the
|
||
cache-control directives defined for its native HTTP-version, obeying
|
||
certain extensions, and ignoring all directives that it does not
|
||
understand.
|
||
|
||
For example, consider a hypothetical new response directive called
|
||
"community" that acts as a modifier to the private directive. We
|
||
define this new directive to mean that, in addition to any non-shared
|
||
cache, any cache that is shared only by members of the community
|
||
named within its value may cache the response. An origin server
|
||
wishing to allow the UCI community to use an otherwise private
|
||
response in their shared cache(s) could do so by including
|
||
|
||
Cache-Control: private, community="UCI"
|
||
|
||
A cache seeing this header field will act correctly even if the cache
|
||
does not understand the community cache-extension, since it will also
|
||
see and understand the private directive and thus default to the safe
|
||
behavior.
|
||
|
||
Unrecognized cache directives MUST be ignored; it is assumed that any
|
||
cache directive likely to be unrecognized by an HTTP/1.1 cache will
|
||
be combined with standard directives (or the response's default
|
||
cacheability) such that the cache behavior will remain minimally
|
||
correct even if the cache does not understand the extension(s).
|
||
|
||
The HTTP Cache Directive Registry defines the name space for the
|
||
cache directives.
|
||
|
||
Registrations MUST include the following fields:
|
||
|
||
o Cache Directive Name
|
||
|
||
o Pointer to specification text
|
||
|
||
Values to be added to this name space are subject to IETF review
|
||
([RFC5226], Section 4.1).
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 23]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
The registry itself is maintained at
|
||
<http://www.iana.org/assignments/http-cache-directives>.
|
||
|
||
3.3. Expires
|
||
|
||
The "Expires" header field gives the date/time after which the
|
||
response is considered stale. See Section 2.3 for further discussion
|
||
of the freshness model.
|
||
|
||
The presence of an Expires field does not imply that the original
|
||
resource will change or cease to exist at, before, or after that
|
||
time.
|
||
|
||
The field-value is an absolute date and time as defined by HTTP-date
|
||
in Section 6.1 of [Part1]; it MUST be sent in rfc1123-date format.
|
||
|
||
Expires = "Expires" ":" OWS Expires-v
|
||
Expires-v = HTTP-date
|
||
|
||
For example
|
||
|
||
Expires: Thu, 01 Dec 1994 16:00:00 GMT
|
||
|
||
Note: If a response includes a Cache-Control field with the max-
|
||
age directive (see Section 3.2.2), that directive overrides the
|
||
Expires field. Likewise, the s-maxage directive overrides Expires
|
||
in shared caches.
|
||
|
||
HTTP/1.1 servers SHOULD NOT send Expires dates more than one year in
|
||
the future.
|
||
|
||
HTTP/1.1 clients and caches MUST treat other invalid date formats,
|
||
especially including the value "0", as in the past (i.e., "already
|
||
expired").
|
||
|
||
3.4. Pragma
|
||
|
||
The "Pragma" general-header field is used to include implementation-
|
||
specific directives that might apply to any recipient along the
|
||
request/response chain. All pragma directives specify optional
|
||
behavior from the viewpoint of the protocol; however, some systems
|
||
MAY require that behavior be consistent with the directives.
|
||
|
||
Pragma = "Pragma" ":" OWS Pragma-v
|
||
Pragma-v = 1#pragma-directive
|
||
pragma-directive = "no-cache" / extension-pragma
|
||
extension-pragma = token [ "=" ( token / quoted-string ) ]
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 24]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
When the no-cache directive is present in a request message, an
|
||
application SHOULD forward the request toward the origin server even
|
||
if it has a cached copy of what is being requested. This pragma
|
||
directive has the same semantics as the no-cache response directive
|
||
(see Section 3.2.2) and is defined here for backward compatibility
|
||
with HTTP/1.0. Clients SHOULD include both header fields when a no-
|
||
cache request is sent to a server not known to be HTTP/1.1 compliant.
|
||
HTTP/1.1 caches SHOULD treat "Pragma: no-cache" as if the client had
|
||
sent "Cache-Control: no-cache".
|
||
|
||
Note: Because the meaning of "Pragma: no-cache" as a response-
|
||
header field is not actually specified, it does not provide a
|
||
reliable replacement for "Cache-Control: no-cache" in a response.
|
||
|
||
This mechanism is deprecated; no new Pragma directives will be
|
||
defined in HTTP.
|
||
|
||
3.5. Vary
|
||
|
||
The "Vary" response-header field conveys the set of request-header
|
||
fields that were used to select the representation.
|
||
|
||
Caches use this information, in part, to determine whether a stored
|
||
response can be used to satisfy a given request; see Section 2.7.
|
||
determines, while the response is fresh, whether a cache is permitted
|
||
to use the response to reply to a subsequent request without
|
||
validation; see Section 2.7.
|
||
|
||
In uncacheable or stale responses, the Vary field value advises the
|
||
user agent about the criteria that were used to select the
|
||
representation.
|
||
|
||
Vary = "Vary" ":" OWS Vary-v
|
||
Vary-v = "*" / 1#field-name
|
||
|
||
The set of header fields named by the Vary field value is known as
|
||
the selecting request-headers.
|
||
|
||
Servers SHOULD include a Vary header field with any cacheable
|
||
response that is subject to server-driven negotiation. Doing so
|
||
allows a cache to properly interpret future requests on that resource
|
||
and informs the user agent about the presence of negotiation on that
|
||
resource. A server MAY include a Vary header field with a non-
|
||
cacheable response that is subject to server-driven negotiation,
|
||
since this might provide the user agent with useful information about
|
||
the dimensions over which the response varies at the time of the
|
||
response.
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 25]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
A Vary field value of "*" signals that unspecified parameters not
|
||
limited to the request-headers (e.g., the network address of the
|
||
client), play a role in the selection of the response representation;
|
||
therefore, a cache cannot determine whether this response is
|
||
appropriate. The "*" value MUST NOT be generated by a proxy server.
|
||
|
||
The field-names given are not limited to the set of standard request-
|
||
header fields defined by this specification. Field names are case-
|
||
insensitive.
|
||
|
||
3.6. Warning
|
||
|
||
The "Warning" general-header field is used to carry additional
|
||
information about the status or transformation of a message that
|
||
might not be reflected in the message. This information is typically
|
||
used to warn about possible incorrectness introduced by caching
|
||
operations or transformations applied to the payload of the message.
|
||
|
||
Warnings can be used for other purposes, both cache-related and
|
||
otherwise. The use of a warning, rather than an error status code,
|
||
distinguishes these responses from true failures.
|
||
|
||
Warning headers can in general be applied to any message, however
|
||
some warn-codes are specific to caches and can only be applied to
|
||
response messages.
|
||
|
||
Warning = "Warning" ":" OWS Warning-v
|
||
Warning-v = 1#warning-value
|
||
|
||
warning-value = warn-code SP warn-agent SP warn-text
|
||
[SP warn-date]
|
||
|
||
warn-code = 3DIGIT
|
||
warn-agent = ( uri-host [ ":" port ] ) / pseudonym
|
||
; the name or pseudonym of the server adding
|
||
; the Warning header, for use in debugging
|
||
warn-text = quoted-string
|
||
warn-date = DQUOTE HTTP-date DQUOTE
|
||
|
||
Multiple warnings can be attached to a response (either by the origin
|
||
server or by a cache), including multiple warnings with the same code
|
||
number, only differing in warn-text.
|
||
|
||
When this occurs, the user agent SHOULD inform the user of as many of
|
||
them as possible, in the order that they appear in the response.
|
||
|
||
Systems that generate multiple Warning headers SHOULD order them with
|
||
this user agent behavior in mind. New Warning headers SHOULD be
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 26]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
added after any existing Warning headers.
|
||
|
||
Warnings are assigned three digit warn-codes. The first digit
|
||
indicates whether the Warning is required to be deleted from a stored
|
||
response after validation:
|
||
|
||
o 1xx Warnings describe the freshness or validation status of the
|
||
response, and so MUST be deleted by caches after validation. They
|
||
can only be generated by a cache when validating a cached entry,
|
||
and MUST NOT be generated in any other situation.
|
||
|
||
o 2xx Warnings describe some aspect of the representation that is
|
||
not rectified by a validation (for example, a lossy compression of
|
||
the representation) and MUST NOT be deleted by caches after
|
||
validation, unless a full response is returned, in which case they
|
||
MUST be.
|
||
|
||
If an implementation sends a message with one or more Warning headers
|
||
to a receiver whose version is HTTP/1.0 or lower, then the sender
|
||
MUST include in each warning-value a warn-date that matches the Date
|
||
header in the message.
|
||
|
||
If an implementation receives a message with a warning-value that
|
||
includes a warn-date, and that warn-date is different from the Date
|
||
value in the response, then that warning-value MUST be deleted from
|
||
the message before storing, forwarding, or using it. (preventing the
|
||
consequences of naive caching of Warning header fields.) If all of
|
||
the warning-values are deleted for this reason, the Warning header
|
||
MUST be deleted as well.
|
||
|
||
The following warn-codes are defined by this specification, each with
|
||
a recommended warn-text in English, and a description of its meaning.
|
||
|
||
110 Response is stale
|
||
|
||
SHOULD be included whenever the returned response is stale.
|
||
|
||
111 Revalidation failed
|
||
|
||
SHOULD be included if a cache returns a stale response because an
|
||
attempt to validate the response failed, due to an inability to
|
||
reach the server.
|
||
|
||
112 Disconnected operation
|
||
|
||
SHOULD be included if the cache is intentionally disconnected from
|
||
the rest of the network for a period of time.
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 27]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
113 Heuristic expiration
|
||
|
||
SHOULD be included if the cache heuristically chose a freshness
|
||
lifetime greater than 24 hours and the response's age is greater
|
||
than 24 hours.
|
||
|
||
199 Miscellaneous warning
|
||
|
||
The warning text can include arbitrary information to be presented
|
||
to a human user, or logged. A system receiving this warning MUST
|
||
NOT take any automated action, besides presenting the warning to
|
||
the user.
|
||
|
||
214 Transformation applied
|
||
|
||
MUST be added by an intermediate proxy if it applies any
|
||
transformation to the representation, such as changing the
|
||
content-coding, media-type, or modifying the representation data,
|
||
unless this Warning code already appears in the response.
|
||
|
||
299 Miscellaneous persistent warning
|
||
|
||
The warning text can include arbitrary information to be presented
|
||
to a human user, or logged. A system receiving this warning MUST
|
||
NOT take any automated action.
|
||
|
||
4. History Lists
|
||
|
||
User agents often have history mechanisms, such as "Back" buttons and
|
||
history lists, that can be used to redisplay a representation
|
||
retrieved earlier in a session.
|
||
|
||
The freshness model (Section 2.3) does not necessarily apply to
|
||
history mechanisms. I.e., a history mechanism can display a previous
|
||
representation even if it has expired.
|
||
|
||
This does not prohibit the history mechanism from telling the user
|
||
that a view might be stale, or from honoring cache directives (e.g.,
|
||
Cache-Control: no-store).
|
||
|
||
5. IANA Considerations
|
||
|
||
5.1. Cache Directive Registry
|
||
|
||
The registration procedure for HTTP Cache Directives is defined by
|
||
Section 3.2.3 of this document.
|
||
|
||
The HTTP Cache Directive Registry shall be created at
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 28]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
<http://www.iana.org/assignments/http-cache-directives> and be
|
||
populated with the registrations below:
|
||
|
||
+------------------------+------------------------------+
|
||
| Cache Directive | Reference |
|
||
+------------------------+------------------------------+
|
||
| max-age | Section 3.2.1, Section 3.2.2 |
|
||
| max-stale | Section 3.2.1 |
|
||
| min-fresh | Section 3.2.1 |
|
||
| must-revalidate | Section 3.2.2 |
|
||
| no-cache | Section 3.2.1, Section 3.2.2 |
|
||
| no-store | Section 3.2.1, Section 3.2.2 |
|
||
| no-transform | Section 3.2.1, Section 3.2.2 |
|
||
| only-if-cached | Section 3.2.1 |
|
||
| private | Section 3.2.2 |
|
||
| proxy-revalidate | Section 3.2.2 |
|
||
| public | Section 3.2.2 |
|
||
| s-maxage | Section 3.2.2 |
|
||
| stale-if-error | [RFC5861], Section 4 |
|
||
| stale-while-revalidate | [RFC5861], Section 3 |
|
||
+------------------------+------------------------------+
|
||
|
||
5.2. Header Field Registration
|
||
|
||
The Message Header Field Registry located at <http://www.iana.org/
|
||
assignments/message-headers/message-header-index.html> shall be
|
||
updated with the permanent registrations below (see [RFC3864]):
|
||
|
||
+-------------------+----------+----------+-------------+
|
||
| Header Field Name | Protocol | Status | Reference |
|
||
+-------------------+----------+----------+-------------+
|
||
| Age | http | standard | Section 3.1 |
|
||
| Cache-Control | http | standard | Section 3.2 |
|
||
| Expires | http | standard | Section 3.3 |
|
||
| Pragma | http | standard | Section 3.4 |
|
||
| Vary | http | standard | Section 3.5 |
|
||
| Warning | http | standard | Section 3.6 |
|
||
+-------------------+----------+----------+-------------+
|
||
|
||
The change controller is: "IETF (iesg@ietf.org) - Internet
|
||
Engineering Task Force".
|
||
|
||
6. Security Considerations
|
||
|
||
Caches expose additional potential vulnerabilities, since the
|
||
contents of the cache represent an attractive target for malicious
|
||
exploitation. Because cache contents persist after an HTTP request
|
||
is complete, an attack on the cache can reveal information long after
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 29]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
a user believes that the information has been removed from the
|
||
network. Therefore, cache contents need to be protected as sensitive
|
||
information.
|
||
|
||
7. Acknowledgments
|
||
|
||
Much of the content and presentation of the caching design is due to
|
||
suggestions and comments from individuals including: Shel Kaphan,
|
||
Paul Leach, Koen Holtman, David Morris, and Larry Masinter.
|
||
|
||
8. References
|
||
|
||
8.1. Normative References
|
||
|
||
[Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
|
||
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
|
||
and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections,
|
||
and Message Parsing", draft-ietf-httpbis-p1-messaging-11
|
||
(work in progress), August 2010.
|
||
|
||
[Part2] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
|
||
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
|
||
and J. Reschke, Ed., "HTTP/1.1, part 2: Message
|
||
Semantics", draft-ietf-httpbis-p2-semantics-11 (work in
|
||
progress), August 2010.
|
||
|
||
[Part4] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
|
||
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
|
||
and J. Reschke, Ed., "HTTP/1.1, part 4: Conditional
|
||
Requests", draft-ietf-httpbis-p4-conditional-11 (work in
|
||
progress), August 2010.
|
||
|
||
[Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
|
||
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
|
||
and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and
|
||
Partial Responses", draft-ietf-httpbis-p5-range-11 (work
|
||
in progress), August 2010.
|
||
|
||
[Part7] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
|
||
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
|
||
and J. Reschke, Ed., "HTTP/1.1, part 7: Authentication",
|
||
draft-ietf-httpbis-p7-auth-11 (work in progress),
|
||
August 2010.
|
||
|
||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
|
||
Requirement Levels", BCP 14, RFC 2119, March 1997.
|
||
|
||
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 30]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Specifications: ABNF", STD 68, RFC 5234, January 2008.
|
||
|
||
8.2. Informative References
|
||
|
||
[RFC1305] Mills, D., "Network Time Protocol (Version 3)
|
||
Specification, Implementation", RFC 1305, March 1992.
|
||
|
||
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
|
||
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
|
||
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
|
||
|
||
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
|
||
Procedures for Message Header Fields", BCP 90, RFC 3864,
|
||
September 2004.
|
||
|
||
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
|
||
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
|
||
May 2008.
|
||
|
||
[RFC5861] Nottingham, M., "HTTP Cache-Control Extensions for Stale
|
||
Content", RFC 5861, April 2010.
|
||
|
||
Appendix A. Changes from RFC 2616
|
||
|
||
Make the specified age calculation algorithm less conservative.
|
||
(Section 2.3.2)
|
||
|
||
Remove requirement to consider Content-Location in successful
|
||
responses in order to determine the appropriate response to use.
|
||
(Section 2.4)
|
||
|
||
Clarify denial of service attack avoidance requirement.
|
||
(Section 2.5)
|
||
|
||
Do not mention RFC 2047 encoding and multiple languages in Warning
|
||
headers anymore, as these aspects never were implemented.
|
||
(Section 3.6)
|
||
|
||
Appendix B. Collected ABNF
|
||
|
||
Age = "Age:" OWS Age-v
|
||
Age-v = delta-seconds
|
||
|
||
Cache-Control = "Cache-Control:" OWS Cache-Control-v
|
||
Cache-Control-v = *( "," OWS ) cache-directive *( OWS "," [ OWS
|
||
cache-directive ] )
|
||
|
||
Expires = "Expires:" OWS Expires-v
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 31]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Expires-v = HTTP-date
|
||
|
||
HTTP-date = <HTTP-date, defined in [Part1], Section 6.1>
|
||
|
||
OWS = <OWS, defined in [Part1], Section 1.2.2>
|
||
|
||
Pragma = "Pragma:" OWS Pragma-v
|
||
Pragma-v = *( "," OWS ) pragma-directive *( OWS "," [ OWS
|
||
pragma-directive ] )
|
||
|
||
Vary = "Vary:" OWS Vary-v
|
||
Vary-v = "*" / ( *( "," OWS ) field-name *( OWS "," [ OWS field-name
|
||
] ) )
|
||
|
||
Warning = "Warning:" OWS Warning-v
|
||
Warning-v = *( "," OWS ) warning-value *( OWS "," [ OWS warning-value
|
||
] )
|
||
|
||
cache-directive = cache-request-directive / cache-response-directive
|
||
cache-extension = token [ "=" ( token / quoted-string ) ]
|
||
cache-request-directive = "no-cache" / "no-store" / ( "max-age="
|
||
delta-seconds ) / ( "max-stale" [ "=" delta-seconds ] ) / (
|
||
"min-fresh=" delta-seconds ) / "no-transform" / "only-if-cached" /
|
||
cache-extension
|
||
cache-response-directive = "public" / ( "private" [ "=" DQUOTE *( ","
|
||
OWS ) field-name *( OWS "," [ OWS field-name ] ) DQUOTE ] ) / (
|
||
"no-cache" [ "=" DQUOTE *( "," OWS ) field-name *( OWS "," [ OWS
|
||
field-name ] ) DQUOTE ] ) / "no-store" / "no-transform" /
|
||
"must-revalidate" / "proxy-revalidate" / ( "max-age=" delta-seconds
|
||
) / ( "s-maxage=" delta-seconds ) / cache-extension
|
||
|
||
delta-seconds = 1*DIGIT
|
||
|
||
extension-pragma = token [ "=" ( token / quoted-string ) ]
|
||
|
||
field-name = <field-name, defined in [Part1], Section 3.2>
|
||
|
||
port = <port, defined in [Part1], Section 2.6>
|
||
pragma-directive = "no-cache" / extension-pragma
|
||
pseudonym = <pseudonym, defined in [Part1], Section 9.9>
|
||
|
||
quoted-string = <quoted-string, defined in [Part1], Section 1.2.2>
|
||
|
||
token = <token, defined in [Part1], Section 1.2.2>
|
||
|
||
uri-host = <uri-host, defined in [Part1], Section 2.6>
|
||
|
||
warn-agent = ( uri-host [ ":" port ] ) / pseudonym
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 32]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
warn-code = 3DIGIT
|
||
warn-date = DQUOTE HTTP-date DQUOTE
|
||
warn-text = quoted-string
|
||
warning-value = warn-code SP warn-agent SP warn-text [ SP warn-date
|
||
]
|
||
|
||
ABNF diagnostics:
|
||
|
||
; Age defined but not used
|
||
; Cache-Control defined but not used
|
||
; Expires defined but not used
|
||
; Pragma defined but not used
|
||
; Vary defined but not used
|
||
; Warning defined but not used
|
||
|
||
Appendix C. Change Log (to be removed by RFC Editor before publication)
|
||
|
||
C.1. Since RFC2616
|
||
|
||
Extracted relevant partitions from [RFC2616].
|
||
|
||
C.2. Since draft-ietf-httpbis-p6-cache-00
|
||
|
||
Closed issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/9>: "Trailer"
|
||
(<http://purl.org/NET/http-errata#trailer-hop>)
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/12>: "Invalidation
|
||
after Update or Delete"
|
||
(<http://purl.org/NET/http-errata#invalidupd>)
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative and
|
||
Informative references"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/48>: "Date reference
|
||
typo"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/49>: "Connection
|
||
header text"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/65>: "Informative
|
||
references"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/66>: "ISO-8859-1
|
||
Reference"
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 33]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/86>: "Normative up-
|
||
to-date references"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/87>: "typo in
|
||
13.2.2"
|
||
|
||
Other changes:
|
||
|
||
o Use names of RFC4234 core rules DQUOTE and HTAB (work in progress
|
||
on <http://tools.ietf.org/wg/httpbis/trac/ticket/36>)
|
||
|
||
C.3. Since draft-ietf-httpbis-p6-cache-01
|
||
|
||
Closed issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/82>: "rel_path not
|
||
used"
|
||
|
||
Other changes:
|
||
|
||
o Get rid of duplicate BNF rule names ("host" -> "uri-host") (work
|
||
in progress on <http://tools.ietf.org/wg/httpbis/trac/ticket/36>)
|
||
|
||
o Add explicit references to BNF syntax and rules imported from
|
||
other parts of the specification.
|
||
|
||
C.4. Since draft-ietf-httpbis-p6-cache-02
|
||
|
||
Ongoing work on IANA Message Header Registration
|
||
(<http://tools.ietf.org/wg/httpbis/trac/ticket/40>):
|
||
|
||
o Reference RFC 3984, and update header registrations for headers
|
||
defined in this document.
|
||
|
||
C.5. Since draft-ietf-httpbis-p6-cache-03
|
||
|
||
Closed issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/106>: "Vary header
|
||
classification"
|
||
|
||
C.6. Since draft-ietf-httpbis-p6-cache-04
|
||
|
||
Ongoing work on ABNF conversion
|
||
(<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
|
||
|
||
o Use "/" instead of "|" for alternatives.
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 34]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
o Introduce new ABNF rules for "bad" whitespace ("BWS"), optional
|
||
whitespace ("OWS") and required whitespace ("RWS").
|
||
|
||
o Rewrite ABNFs to spell out whitespace rules, factor out header
|
||
value format definitions.
|
||
|
||
C.7. Since draft-ietf-httpbis-p6-cache-05
|
||
|
||
This is a total rewrite of this part of the specification.
|
||
|
||
Affected issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/54>: "Definition of
|
||
1xx Warn-Codes"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/60>: "Placement of
|
||
13.5.1 and 13.5.2"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/138>: "The role of
|
||
Warning and Semantic Transparency in Caching"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/139>: "Methods and
|
||
Caching"
|
||
|
||
In addition: Final work on ABNF conversion
|
||
(<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):
|
||
|
||
o Add appendix containing collected and expanded ABNF, reorganize
|
||
ABNF introduction.
|
||
|
||
C.8. Since draft-ietf-httpbis-p6-cache-06
|
||
|
||
Closed issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/161>: "base for
|
||
numeric protocol elements"
|
||
|
||
Affected issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/37>: Vary and non-
|
||
existant headers
|
||
|
||
C.9. Since draft-ietf-httpbis-p6-cache-07
|
||
|
||
Closed issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/54>: "Definition of
|
||
1xx Warn-Codes"
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 35]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/167>: "Content-
|
||
Location on 304 responses"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/169>: "private and
|
||
no-cache CC directives with headers"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/187>: "RFC2047 and
|
||
warn-text"
|
||
|
||
C.10. Since draft-ietf-httpbis-p6-cache-08
|
||
|
||
Closed issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/147>: "serving
|
||
negotiated responses from cache: header-specific canonicalization"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/197>: "Effect of CC
|
||
directives on history lists"
|
||
|
||
Affected issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/199>: Status codes
|
||
and caching
|
||
|
||
Partly resolved issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/60>: "Placement of
|
||
13.5.1 and 13.5.2"
|
||
|
||
C.11. Since draft-ietf-httpbis-p6-cache-09
|
||
|
||
Closed issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/29>: "Age
|
||
calculation"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/168>: "Clarify
|
||
differences between / requirements for request and response CC
|
||
directives"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/174>: "Caching
|
||
authenticated responses"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/208>: "IANA registry
|
||
for cache-control directives"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/211>: "Heuristic
|
||
caching of URLs with query components"
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 36]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Partly resolved issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/196>: "Term for the
|
||
requested resource's URI"
|
||
|
||
C.12. Since draft-ietf-httpbis-p6-cache-10
|
||
|
||
Closed issues:
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/109>: "Clarify
|
||
entity / representation / variant terminology"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/220>: "consider
|
||
removing the 'changes from 2068' sections"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/223>: "Allowing
|
||
heuristic caching for new status codes"
|
||
|
||
o <http://tools.ietf.org/wg/httpbis/trac/ticket/223>: "Allowing
|
||
heuristic caching for new status codes"
|
||
|
||
o Clean up TODOs and prose in "Combining Responses."
|
||
|
||
Index
|
||
|
||
A
|
||
age 6
|
||
Age header 17
|
||
|
||
C
|
||
cache 5
|
||
Cache Directives
|
||
max-age 19, 22
|
||
max-stale 19
|
||
min-fresh 19
|
||
must-revalidate 22
|
||
no-cache 19, 21
|
||
no-store 19, 21
|
||
no-transform 20, 22
|
||
only-if-cached 20
|
||
private 20
|
||
proxy-revalidate 22
|
||
public 20
|
||
s-maxage 22
|
||
Cache-Control header 18
|
||
cacheable 5
|
||
|
||
E
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 37]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Expires header 24
|
||
explicit expiration time 5
|
||
|
||
F
|
||
first-hand 6
|
||
fresh 6
|
||
freshness lifetime 6
|
||
|
||
G
|
||
Grammar
|
||
Age 17
|
||
Age-v 17
|
||
Cache-Control 18
|
||
Cache-Control-v 18
|
||
cache-extension 18
|
||
cache-request-directive 18
|
||
cache-response-directive 20
|
||
delta-seconds 17
|
||
Expires 24
|
||
Expires-v 24
|
||
extension-pragma 24
|
||
Pragma 24
|
||
pragma-directive 24
|
||
Pragma-v 24
|
||
Vary 25
|
||
Vary-v 25
|
||
warn-agent 26
|
||
warn-code 26
|
||
warn-date 26
|
||
warn-text 26
|
||
Warning 26
|
||
Warning-v 26
|
||
warning-value 26
|
||
|
||
H
|
||
Headers
|
||
Age 17
|
||
Cache-Control 18
|
||
Expires 24
|
||
Pragma 24
|
||
Vary 25
|
||
Warning 26
|
||
heuristic expiration time 5
|
||
|
||
M
|
||
max-age
|
||
Cache Directive 19, 22
|
||
max-stale
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 38]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Cache Directive 19
|
||
min-fresh
|
||
Cache Directive 19
|
||
must-revalidate
|
||
Cache Directive 22
|
||
|
||
N
|
||
no-cache
|
||
Cache Directive 19, 21
|
||
no-store
|
||
Cache Directive 19, 21
|
||
no-transform
|
||
Cache Directive 20, 22
|
||
|
||
O
|
||
only-if-cached
|
||
Cache Directive 20
|
||
|
||
P
|
||
Pragma header 24
|
||
private
|
||
Cache Directive 20
|
||
proxy-revalidate
|
||
Cache Directive 22
|
||
public
|
||
Cache Directive 20
|
||
|
||
S
|
||
s-maxage
|
||
Cache Directive 22
|
||
stale 6
|
||
|
||
V
|
||
validator 6
|
||
Vary header 25
|
||
|
||
W
|
||
Warning header 26
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 39]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Authors' Addresses
|
||
|
||
Roy T. Fielding (editor)
|
||
Day Software
|
||
23 Corporate Plaza DR, Suite 280
|
||
Newport Beach, CA 92660
|
||
USA
|
||
|
||
Phone: +1-949-706-5300
|
||
Fax: +1-949-706-5305
|
||
EMail: fielding@gbiv.com
|
||
URI: http://roy.gbiv.com/
|
||
|
||
|
||
Jim Gettys
|
||
Alcatel-Lucent Bell Labs
|
||
21 Oak Knoll Road
|
||
Carlisle, MA 01741
|
||
USA
|
||
|
||
EMail: jg@freedesktop.org
|
||
URI: http://gettys.wordpress.com/
|
||
|
||
|
||
Jeffrey C. Mogul
|
||
Hewlett-Packard Company
|
||
HP Labs, Large Scale Systems Group
|
||
1501 Page Mill Road, MS 1177
|
||
Palo Alto, CA 94304
|
||
USA
|
||
|
||
EMail: JeffMogul@acm.org
|
||
|
||
|
||
Henrik Frystyk Nielsen
|
||
Microsoft Corporation
|
||
1 Microsoft Way
|
||
Redmond, WA 98052
|
||
USA
|
||
|
||
EMail: henrikn@microsoft.com
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 40]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Larry Masinter
|
||
Adobe Systems, Incorporated
|
||
345 Park Ave
|
||
San Jose, CA 95110
|
||
USA
|
||
|
||
EMail: LMM@acm.org
|
||
URI: http://larry.masinter.net/
|
||
|
||
|
||
Paul J. Leach
|
||
Microsoft Corporation
|
||
1 Microsoft Way
|
||
Redmond, WA 98052
|
||
|
||
EMail: paulle@microsoft.com
|
||
|
||
|
||
Tim Berners-Lee
|
||
World Wide Web Consortium
|
||
MIT Computer Science and Artificial Intelligence Laboratory
|
||
The Stata Center, Building 32
|
||
32 Vassar Street
|
||
Cambridge, MA 02139
|
||
USA
|
||
|
||
EMail: timbl@w3.org
|
||
URI: http://www.w3.org/People/Berners-Lee/
|
||
|
||
|
||
Yves Lafon (editor)
|
||
World Wide Web Consortium
|
||
W3C / ERCIM
|
||
2004, rte des Lucioles
|
||
Sophia-Antipolis, AM 06902
|
||
France
|
||
|
||
EMail: ylafon@w3.org
|
||
URI: http://www.raubacapeu.net/people/yves/
|
||
|
||
|
||
Mark Nottingham (editor)
|
||
|
||
EMail: mnot@mnot.net
|
||
URI: http://www.mnot.net/
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 41]
|
||
|
||
Internet-Draft HTTP/1.1, Part 6 August 2010
|
||
|
||
|
||
Julian F. Reschke (editor)
|
||
greenbytes GmbH
|
||
Hafenweg 16
|
||
Muenster, NW 48155
|
||
Germany
|
||
|
||
Phone: +49 251 2807760
|
||
Fax: +49 251 2807761
|
||
EMail: julian.reschke@greenbytes.de
|
||
URI: http://greenbytes.de/tech/webdav/
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Fielding, et al. Expires February 5, 2011 [Page 42]
|
||
|