0

I'm reading contradicting statements about no-cache and must-revalidate.

This answer says:

With must-revalidate, if the server doesn't respond to a revalidation request, the browser/proxy is supposed to return a 504 error. With no-cache, it would just show the cached content

However "just show the cached content" without revalidation contradicts what is in https://datatracker.ietf.org/doc/html/rfc7234#section-5.2.1.4:

The "no-cache" request directive indicates that a cache MUST NOT use a stored response to satisfy the request without successful validation on the origin server.

If it's true that no-cache won't allow the use of a cached response without revalidation, then what is the point of must-revalidate?

David Klempfner
  • 8,700
  • 20
  • 73
  • 153

1 Answers1

1

A cache may serve stale responses:

A "stale" response is one that either has explicit expiry information or is allowed to have heuristic expiry calculated, but is not fresh according to the calculations in Section 4.2.

Unless:

A cache MUST NOT generate a stale response if it is prohibited by an explicit in-protocol directive (e.g., by a "no-store" or "no-cache" cache directive, a "must-revalidate" cache-response-directive, or an applicable "s-maxage" or "proxy-revalidate" cache-response-directive; see Section 5.2.2).

Note in particular that in this requirement no-store and no-cache are cache directives, and must-revalidate is a cache-response directive.

So, must-revalidate is for an origin server to indicate that a response may not be reused when it goes stale, as opposed to a way for clients to indicate that they would not accept a stale response.

Joe
  • 29,416
  • 12
  • 68
  • 88