New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reject uncachable status code #326
Conversation
@kinu wdyt? |
I think there is a reasonable set of status codes which we should allow, but not sure where the boundary is.
@kinu made a point that redirect is disallowed in the loading spec, so there is also discussion of where to enforce the restriction |
I'm less sure about the non-cacheable responses, for example for CaheStorage we don't check any of these but specifically throw an error if it's 206 (partial response). And if we take a deeper look getting 203 (non-authoritative) seems a little weird, handling of 206 (partial content) responses would need to be discussed in the loading spec (as well as handling of range requests), and all 3xx are forbidden in the loading spec. Overall I feel it might make better sense to have the part only in the loading spec, at least until we have a clearer thought of what should be valid. |
Well or maybe we can just start with 200 only. Looking into other status code most of them don't really make sense. (I prefer forbidding it in the loading spec though) /cc @horo-t |
A status code that is uncacheable by default can still be cached if it has explicit freshness information. I think you need to reference the entire response cacheability algorithm. |
@kinu Would you mind sharing the background why you'd prefer this to be loading spec? I'm mixed since we already have Another strawman would be to have:
|
@@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's replace the "or not cacheable" bit with the reference to https://httpwg.org/specs/rfc7234.html#rfc.section.3, since that also talks about methods.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), | |
1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7234}}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
@@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), | |||
return "invalid". | |||
1. If `exchange`'s response is not cachable by a public cache (Section 3 of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe "shared cache" is the right term, according to https://httpwg.org/specs/rfc7234.html#rfc.section.1. "public" is a response directive, not a type of cache.
I'd also rather not use the term "cacheable" here since https://httpwg.org/specs/rfc7234.html#rfc.section.3 doesn't define it as a predicate on responses. Instead perhaps:
1. If `exchange`'s response is not cachable by a public cache (Section 3 of | |
1. If Section 3 of {{RFC7234}} forbids a shared cache from storing `exchange`'s response, return "invalid". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
@@ -733,7 +733,7 @@ returns a failure or an [=exchange=] via the following steps: | |||
* |headers|[0] contains a `` `host` `` key. | |||
* |headers|[0][`` `:method` ``] is not `` `GET` ``. | |||
* |headers|[1] contains any keys starting with `` `:` `` that aren't `` `:status` ``. | |||
* |headers|[1][`` `:status` ``] doesn't consist of exactly 3 digits. | |||
* |headers|[1][`` `:status` ``] is not `` 200 ``. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I agree with having this tighter restriction in the loading spec only, at least for now.
48c9fe2
to
ce2da0b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your review!
@@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
@@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), | |||
return "invalid". | |||
1. If `exchange`'s response is not cachable by a public cache (Section 3 of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
@@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Chromium CL: https://chromium-review.googlesource.com/c/chromium/src/+/1313712
Preview | Diff