You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This text says that a proxy doesn't store things like Proxy-Authenticate unless the cache key includes the proxy identity.
Header fields that are specific to a client's proxy configuration MUST NOT be stored, unless the cache incorporates the identity of the proxy into the cache key.
Should this be the identity of the proxy's client instead? Maybe the intent of this was to say that a proxy cache that uses authentication is prohibited from storing these header fields unless they might be valid when reused. But including the identity of the proxy (as opposed to the user of the proxy) could lead to these fields always being stored, because the proxy identity is probably the same for all its users.
The effect of including the identity of the client in the cache key would be to effectively make the responses containing these fields private, which works to ensure that different clients don't end up with bad authentication challenges being sent to them from cache. That might be OK.
That all said, caching something like Proxy-Authenticate and playing it back later seems like it might cause problems too, so maybe I'm missing something.
The text was updated successfully, but these errors were encountered:
This text says that a proxy doesn't store things like Proxy-Authenticate unless the cache key includes the proxy identity.
Should this be the identity of the proxy's client instead? Maybe the intent of this was to say that a proxy cache that uses authentication is prohibited from storing these header fields unless they might be valid when reused. But including the identity of the proxy (as opposed to the user of the proxy) could lead to these fields always being stored, because the proxy identity is probably the same for all its users.
The effect of including the identity of the client in the cache key would be to effectively make the responses containing these fields private, which works to ensure that different clients don't end up with bad authentication challenges being sent to them from cache. That might be OK.
That all said, caching something like Proxy-Authenticate and playing it back later seems like it might cause problems too, so maybe I'm missing something.
The text was updated successfully, but these errors were encountered: