Ticket #197 (closed design: fixed)

Opened 5 years ago

Last modified 4 years ago

Effect of CC directives on history lists

Reported by: mnot@pobox.com
Owned by:
Priority: normal
Milestone: 09
Component: p6-cache
Severity: Active WG Document
Keywords:
Cc:
Origin:

Description

Several browser vendors do or will soon respect CC: no-store and CC: max-age=0, must-revalidate for the purposes of history lists, because they see storing some responses in the history list as a security concern (e.g., something with credit card numbers on it).

However, 2616 says that a cache and a history list are separate, and notes that history lists should not unnecessarily prevent users from viewing stale resources.

This is vague; the wording here implies that the history list has the same store as the cache, even though they are almost always implemented separately, as the history list needs to incorporate browser-side state as well as resource state.

This section needs to be revised, and furthermore some means of control over the history list needs to be provided; either

  1. CC: no-store (and possibly other) directives apply to history lists as well, or
  2. Some other history-specific directives need to be minted (out of scope for HTTPbis, but it can be discussed on-list)

See also:

https://bugs.webkit.org/show_bug.cgi?id=26777
https://bugzilla.mozilla.org/show_bug.cgi?id=441751#c58
http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
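
Option 1 written out as a check, as an added example that is not from the ticket, the HTTPbis drafts or any browser's code. The function names and sample header values are constructed, and treating `max-age=0, must-revalidate` as a history exclusion is an assumption taken from the vendor behaviour the description mentions.

```python
import re

# One directive: a token, optionally followed by =token or ="quoted string".
# Matching the quoted form as a unit keeps commas and directive-like words
# inside a quoted value from being read as separate directives.
_DIRECTIVE = re.compile(r'([^\s,="]+)(?:\s*=\s*(?:"([^"]*)"|([^\s,"]*)))?')


def parse_cache_control(values):
    """Merge one or more Cache-Control header values into {directive: value-or-None}."""
    directives = {}
    for value in values:
        for name, quoted, bare in _DIRECTIVE.findall(value):
            # Directive names are case-insensitive.
            directives[name.lower()] = quoted or bare or None
    return directives


def keep_in_history(values):
    """Return False when the response should be kept out of the history list.

    Assumed policy (option 1 of the ticket): no-store applies to history,
    and so does the combination max-age=0 + must-revalidate.
    """
    directives = parse_cache_control(values)
    if "no-store" in directives:
        return False
    try:
        max_age = int(directives.get("max-age") or "")
    except ValueError:
        max_age = None  # missing or malformed max-age: do not treat as 0
    if max_age == 0 and "must-revalidate" in directives:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample header values; "ext" is a made-up extension directive.
    samples = [
        ["no-store"],
        ["max-age=0, must-revalidate"],
        ["Max-Age=0", "MUST-REVALIDATE"],   # split across two header lines
        ["max-age=0"],
        ['private, ext="no-store"'],         # no-store only inside a quoted value
    ]
    for sample in samples:
        print(sample, "->", "keep" if keep_in_history(sample) else "exclude")
```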

Attachments

i197.diff (2.5 KB) - added by julian.reschke@gmx.de 5 years ago.
Proposed patch for part 6.

Change History

Changed 5 years ago by julian.reschke@gmx.de

Proposed patch for part 6.

comment:1 Changed 4 years ago by julian.reschke@gmx.de

From [766]:

Simplify discussion of history lists (see #197)

comment:2 Changed 4 years ago by mnot@pobox.com

  • Status changed from new to closed
  • Resolution set to fixed

comment:3 Changed 4 years ago by mnot@pobox.com

  • Status changed from closed to reopened
  • Resolution fixed deleted

closed prematurely; reopen for review as part of -09 cycle.

comment:4 Changed 4 years ago by mnot@pobox.com

  • Milestone changed from unassigned to 09

comment:5 Changed 4 years ago by mnot@pobox.com

  • Status changed from reopened to closed
  • Resolution set to fixed