I'm curious about the invalidation model for caches in HTTP. Section
13.10 specifies invalidation based upon PUT, POST, DELETE and
unrecognised methods, based upon the Request-URI, as well as the
Location and the Content-Location headers.
That's sensible and fairly straightforward, but the end of section
13.6 gives us this;
> If a cache receives a successful response whose Content-Location
> field matches that of an existing cache entry for the same Request-
> URI, whose entity-tag differs from that of the existing entry, and
> whose Date is more recent than that of the existing entry, the
> existing entry SHOULD NOT be returned in response to future
> requests and SHOULD be deleted from the cache.
This seems to re-specify 13.6, but for all methods (including GET)
and just Content-Location, and without the security model.
Am I reading this correctly ("the same" is a little confusing)?
If so, it might be more clear if this text were moved to 13.0 in
errata. Also shouldn't the security model be applied to this type of
invalidation as well?