Reject uncachable status code #326
Conversation
|
@kinu wdyt? |
|
I think there is a reasonable set of status codes which we should allow, but not sure where the boundary is.
@kinu made a point that redirect is disallowed in the loading spec, so there is also discussion of where to enforce the restriction |
|
I'm less sure about the non-cacheable responses, for example for CaheStorage we don't check any of these but specifically throw an error if it's 206 (partial response). And if we take a deeper look getting 203 (non-authoritative) seems a little weird, handling of 206 (partial content) responses would need to be discussed in the loading spec (as well as handling of range requests), and all 3xx are forbidden in the loading spec. Overall I feel it might make better sense to have the part only in the loading spec, at least until we have a clearer thought of what should be valid. |
|
Well or maybe we can just start with 200 only. Looking into other status code most of them don't really make sense. (I prefer forbidding it in the loading spec though) /cc @horo-t |
|
A status code that is uncacheable by default can still be cached if it has explicit freshness information. I think you need to reference the entire response cacheability algorithm. |
|
@kinu Would you mind sharing the background why you'd prefer this to be loading spec? I'm mixed since we already have Another strawman would be to have:
|
| @@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
| 1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
| 1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
| not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
There was a problem hiding this comment.
Let's replace the "or not cacheable" bit with the reference to https://httpwg.org/specs/rfc7234.html#rfc.section.3, since that also talks about methods.
| @@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
| 1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
| 1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
| not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
| 1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), | |||
There was a problem hiding this comment.
| 1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), | |
| 1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7234}}), |
| @@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
| 1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
| 1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
| not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
| 1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), | |||
| return "invalid". | |||
| 1. If `exchange`'s response is not cachable by a public cache (Section 3 of | |||
There was a problem hiding this comment.
I believe "shared cache" is the right term, according to https://httpwg.org/specs/rfc7234.html#rfc.section.1. "public" is a response directive, not a type of cache.
I'd also rather not use the term "cacheable" here since https://httpwg.org/specs/rfc7234.html#rfc.section.3 doesn't define it as a predicate on responses. Instead perhaps:
| 1. If `exchange`'s response is not cachable by a public cache (Section 3 of | |
| 1. If Section 3 of {{RFC7234}} forbids a shared cache from storing `exchange`'s response, return "invalid". |
| @@ -733,7 +733,7 @@ returns a failure or an [=exchange=] via the following steps: | |||
| * |headers|[0] contains a `` `host` `` key. | |||
| * |headers|[0][`` `:method` ``] is not `` `GET` ``. | |||
| * |headers|[1] contains any keys starting with `` `:` `` that aren't `` `:status` ``. | |||
| * |headers|[1][`` `:status` ``] doesn't consist of exactly 3 digits. | |||
| * |headers|[1][`` `:status` ``] is not `` 200 ``. | |||
There was a problem hiding this comment.
I think I agree with having this tighter restriction in the loading spec only, at least for now.
nyaxt
force-pushed
the
statuscode
branch
2 times, most recently
from
48c9fe2
to
ce2da0b
Compare
| @@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
| 1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
| 1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
| not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
| 1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), | |||
| @@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
| 1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
| 1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
| not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
| 1. If `exchange`'s response is not complete, (Section 3.1 of {{!RFC7231}}), | |||
| return "invalid". | |||
| 1. If `exchange`'s response is not cachable by a public cache (Section 3 of | |||
| @@ -838,6 +838,10 @@ signature returns "valid", return "valid". Otherwise, return "invalid". | |||
| 1. Let `exchange` be the exchange metadata and headers parsed out of `headers`. | |||
| 1. If `exchange`'s request method is not safe (Section 4.2.1 of {{!RFC7231}}) or | |||
| not cacheable (Section 4.2.3 of {{!RFC7231}}), return "invalid". | |||
Chromium CL: https://chromium-review.googlesource.com/c/chromium/src/+/1313712
Preview | Diff