On 5/09/2016 9:52 p.m., Eduard Bagdasaryan wrote: > 2016-09-04 18:31 GMT+03:00 Amos Jeffries <[email protected]>: > >> * ccPrivate is only cacheable in the same conditions as >> ccNoCacheNoParams so should be a ENTRY_REVALIDATE_ALWAYS as well > > It is unclear what are these "same" conditions. RFC 7234 5.2.2.6: > > The "private" response directive indicates that the response message > is intended for a single user and MUST NOT be stored by a shared > cache. > > In my understanding Squid (as a shared cache) must not store "private" > responses at all (while user agents could). Is this correct? If yes, > currently Squid violates this MUST. > > On the other hand, "no-cache" without field-names does not impose > constraints on storing in the cache, but restricts the cache to always > revalidate. >
That is correct as the protocol RFC goes. However we still have people wanting the nasty refresh_pattern ignore-private option. In order to minimize the security issues that causes anything marked as CC:private that does get into cache needs to be revalidated on every use just like CC:no-cache. Amos _______________________________________________ squid-dev mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-dev
