fix wrong explanation about cache-control and authroization header

[Jxck]

Description

https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching#private_caches

has incorrect explanation about cache-control and authorization header.

Motivation

in Spec (RFC 9111) only mentions that if request contains Authorization header, it can't be stored in Shared Cache by default.

https://httpwg.org/specs/rfc9111.html#response.cacheability:~:text=if%20the%20cache%20is%20shared%3A%20the%20authorization%20header%20field%20is%20not%20present%20in%20the%20request%20(see%20section%2011.6.2%20of%20%5Bhttp%5D)

if the cache is shared: the Authorization header field is not present in the request (see Section 11.6.2 of [HTTP])

But the content mentions like below.

Note that if the response has an Authorization header, it cannot be stored in the private cache (or a shared cache, unless public is specified).

should remove private cache from here.

Related issues and pull requests

Fixes #29019

[shin-mallang]

@Jxck
The changes are great.
But I think we've overlooked something.
The changes don't seem to have anything to do with private cache after all.
Is it right for this to be in the private cache paragraph?

---

(append)
And it seems to include similar content to this

The public value has the effect of making the response storable even if the Authorization header is present.
Note: The public directive should only be used if there is a need to store the response when the Authorization header is set. It is not required otherwise, because a response will be stored in the shared cache as long as max-age is given.
So if the response is personalized with basic authentication, the presence of public may cause problems. If you are concerned about that, you can choose the second-longest value, 38 (1 month).

(The above is what exists in the Cache Busting paragraph.)

[Jxck]

hmm, so it seems reasonable to just remove.
@hamishwillee how do you think ?

[github-actions]

Preview URLs

• /en-US/docs/Web/HTTP/Caching

External URLs (9)

URL: /en-US/docs/Web/HTTP/Caching
Title: HTTP caching

• https://blog.chromium.org/2017/01/reload-reloaded-faster-and-leaner-page_26.html (1 time)
• https://datatracker.ietf.org/doc/html/RFC9111 (1 time)
• https://datatracker.ietf.org/doc/html/rfc9204 (1 time)
• https://docs.microsoft.com/troubleshoot/developer/browsers/connectivity-navigation/how-to-prevent-caching (1 time)
• https://fetch.spec.whatwg.org/ (2 times)
• https://groups.google.com/a/mozilla.org/g/dev-platform/c/I939w1yrTp4 (1 time)
• https://httpwg.org/specs/rfc9111.html (1 time)
• https://httpwg.org/specs/rfc9213.html (1 time)
• https://www.mnot.net/cache_docs/ (1 time)

(comment last updated: 2023-09-15 02:50:28)

[hamishwillee]

Yes this should be removed. Serves me right for not reading all the context. I have made that change. Thanks @shin-mallang for sticking with it, and @Jxck for providing the canonical answer.

[Jxck]

@hamishwillee @shin-mallang Thanks for tons of helps!

[shin-mallang]

@hamishwillee @Jxck
I am honored😊
Thanks for your help.🙇🏻‍♂️