IETF Logo Mail Archive

Re: dont-revalidate Cache-Control header

Bryan McQuade <bmcquade@google.com> Mon, 13 July 2015 23:54 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17BA71A87E0 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 13 Jul 2015 16:54:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.389
X-Spam-Level:
X-Spam-Status: No, score=-6.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2quFXva3lnOk for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 13 Jul 2015 16:54:01 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EFA91A87D2 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 13 Jul 2015 16:54:00 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ZEnTy-0007a9-7o for ietf-http-wg-dist@listhub.w3.org; Mon, 13 Jul 2015 23:49:58 +0000
Resent-Date: Mon, 13 Jul 2015 23:49:58 +0000
Resent-Message-Id: <E1ZEnTy-0007a9-7o@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <bmcquade@google.com>) id 1ZEnTu-0007ZN-9C for ietf-http-wg@listhub.w3.org; Mon, 13 Jul 2015 23:49:54 +0000
Received: from mail-wi0-f175.google.com ([209.85.212.175]) by lisa.w3.org with esmtps (TLS1.2:RSA_ARCFOUR_SHA1:128) (Exim 4.80) (envelope-from <bmcquade@google.com>) id 1ZEnTs-0007bd-Ei for ietf-http-wg@w3.org; Mon, 13 Jul 2015 23:49:53 +0000
Received: by widjy10 with SMTP id jy10so83781500wid.1 for <ietf-http-wg@w3.org>; Mon, 13 Jul 2015 16:49:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=zIc8en4Q0rS6pHwCUP9ka2ubt6MgJKWx4NJa5aRni+c=; b=ONyDyfVldtMvJbAuSlmP5TX/k8Ggq1bpePNN/Z1chNTUE9AhNb84MK0zJU+SlyKvmA atq7wsAmyiUau3IquFKmljJqN82ZU8EZMFGBy6d0ZtAy/FmcudrVX7aUiNHiaQAlAGth avREace3s0UFuHhY6AVGsSpLpgv68Xa+zrslv9ZbH3A3aBUeLPGvm81lz+L+sZCqWNbt 1HiG03Cr99MXkKyv0Iv41+I8kGXoZ+piwj6HvYxMuv28tfZ7cvKDnT3HZgsWzv6V21ja rwE0Y2LTAacpLaQvQzhwQBddY6mmcuI1LYiCNatfUF0Uhn+ym01meW+3/R4q0UbSGFeR 4lCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=zIc8en4Q0rS6pHwCUP9ka2ubt6MgJKWx4NJa5aRni+c=; b=WBR6ZErmnBHrpXHznqhqzY3jxxe2aUBFMLiIoNNU5wRr6x1lWQ7vOFZUVlObnzCJ4N 7CyMRmvhw4nNIDWAda0mGLxF2PzKsv96A3YFjssuRWYy+QIhCZ1m1nY7ARB5lsm14sz6 9UPLrjMQfPX4SidTaw7dX7Z8CIW4ZdlHYY66jMnEBCivexgb0wsfvpncmC5sH/br1OXh u6tH6QJMK7/mrmkn7iB597OpeXkwUG9F0jd1eOgKLuH6yOPNB1nIZC5MIiReM+31pesP pUDojFwWkHugfmSVigQC6uVnl7WarckMF8vXtFG5rzfyCgrpcLQHU8zIBAP104bSMpX/ OyzA==
X-Gm-Message-State: ALoCoQkd2fvEkYINK/aHddJ0ReSis3UR4Gr1K3omuvBdRH4nxacTQnpoWXOzO055/5RxdB5cDXr+
X-Received: by 10.180.218.227 with SMTP id pj3mr27401996wic.59.1436831365898; Mon, 13 Jul 2015 16:49:25 -0700 (PDT)
MIME-Version: 1.0
From: Bryan McQuade <bmcquade@google.com>
Date: Mon, 13 Jul 2015 23:49:16 +0000
Message-ID: <CADLGQyCv5bjKswZJ=uyvbJLcgs96fvAOzs+2SNDkApBNLm3ZqA@mail.gmail.com>
To: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="001a1134cd382adc6e051aca5f79"
Received-SPF: pass client-ip=209.85.212.175; envelope-from=bmcquade@google.com; helo=mail-wi0-f175.google.com
X-W3C-Hub-Spam-Status: No, score=-6.2
X-W3C-Hub-Spam-Report: AWL=-0.103, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.428, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1ZEnTs-0007bd-Ei 9c38324140ac527b87613b1af8834f41
X-Original-To: ietf-http-wg@w3.org
Subject: Re: dont-revalidate Cache-Control header
Archived-At: <http://www.w3.org/mid/CADLGQyCv5bjKswZJ=uyvbJLcgs96fvAOzs+2SNDkApBNLm3ZqA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/29947
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Some history around page refresh->subresource reload browser behavior:

HTTP/1.1 RFC (now deprecated):
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.4
"14.9.4 Cache Revalidation and Reload Controls: Sometimes a user agent
might want or need to insist that a cache revalidate its cache entry with
the origin server ... End-to-end revalidation might be necessary if either
the cache or the origin server has overestimated the expiration time of the
cached response. End-to-end reload may be necessary if the cache entry has
become corrupted for some reason."

I take the above to suggest that the page refresh->reload subresource
behavior was added to give users more certainty that refreshing a page
would reload any corrupted or out of date resources. This seems like a fine
default, but I agree with Ben that it'd be useful to allow web developers
to opt out of this behavior.

In order to opt out, we need to address the issues listed in the RFC:
a) if either the cache or the origin server has overestimated the
expiration time of the cached response
b) if the cache entry has become corrupted

For (a):
Will proxy caches add future max-age or Expires headers to resources that
they fetched from an origin, if the origin didn't provide any such headers?

For (b):
The user agent should be able to assert that the copy of the resource it
has is the 'right' copy, and not a corrupted copy, before deciding not to
attempt to reload the resource from the origin server.

RE: whether this mechanism should be associated with the resource vs the
page being loaded, I prefer associating the behavior with the resource (via
e.g. an HTTP response header or Cache-Control directive). If associated
with the resource rather than the page, third party resources
(ads/analytics/widgets/etc), which add latency to many page loads, could
also adopt this and prevent resource reloads on page refresh.

-bryan

v2.23.0 | Report a Bug | By Email