HTTP Cache Groups

HTTP Cache Groups Cloudflare

Melbourne Australia mnot@mnot.net https://www.mnot.net/

WIT httpbis HTTP Caching Invalidation This specification introduces a means of describing the relationships between stored responses in HTTP caches, grouping them by associating a stored response with one or more strings.

Introduction HTTP caching operates at the granularity of a single resource; the freshness of one stored response does not affect that of others. This granularity can make caching more efficient -- for example, when a page is composed of many assets that have different requirements for caching. However, there are also cases where the relationship between stored responses could be used to improve cache efficiency. For example, it is often necessary to invalidate a set of related resources. This might be because a state-changing request has side effects on other resources, or it might be purely for administrative convenience (e.g., "invalidate this part of the site"). Grouping responses together provides a dedicated way to express these relationships, instead of relying on things like URL structure. In addition to sharing invalidation events, the relationships indicated by grouping can also be used by caches to optimise their operation (e.g., to inform the operation of cache eviction algorithms). introduces a means of describing the relationships between stored responses in HTTP caches, by associating those responses with one or more groups that reflect those relationships. It also describes how caches can use that information to apply invalidation events to members of a group. introduces one new source of such events: an HTTP response header field that allows a state-changing response to trigger a group invalidation. These mechanisms operate within a single cache, across the stored responses associated with a single origin server (see ). They do not address the issues of synchronising state between multiple caches (e.g., in a hierarchy or mesh), nor do they facilitate association of stored responses from disparate origins.

Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This specification uses the following terminology from : List, String, and Parameter.

The Cache-Groups Response Header Field The Cache-Groups response header field is a List of Strings (Sections and of ). Each member of the List is a value that identifies a group that the response belongs to. These Strings are opaque -- while they might have some meaning to the server that creates them, the cache does not have any insight into their structure or content (beyond uniquely identifying a group). The ordering of members is not significant. Unrecognised Parameters are to be ignored. Implementations MUST support at least 32 groups in a field value, with up to at least 32 characters in each member. Note that generic limitations on HTTP field lengths may constrain the size of this field value in practice.

Identifying Grouped Responses Two responses stored in the same cache are considered to belong to the same group when all of the following conditions are met:

They both contain a Cache-Groups response header field that contains the same String (in any position in the List), when compared character-by-character (case sensitive).
They both share the same URI origin (per ).

Cache Behaviour

Invalidation A cache that invalidates a stored response MAY invalidate any stored responses that share groups (per ) with that response. Note that further grouped invalidations are not triggered by a grouped invalidation; i.e., this mechanism does not cascade. Cache extensions can explicitly strengthen the requirement above. For example, a targeted cache control header field might specify that caches processing it are required to invalidate such responses.

The Cache-Group-Invalidation Response Header Field The Cache-Group-Invalidation response header field is a List of Strings (Sections and of ). Each member of the List is a value that identifies a group that the response invalidates, per . For example, following a POST request that has side effects on two cache groups, the corresponding response could indicate that stored responses associated with either or both of those groups should be invalidated with: The Cache-Group-Invalidation header field MUST be ignored on responses to requests that have a safe method (e.g., GET; see ). A cache that receives a Cache-Group-Invalidation header field on a response to an unsafe request MAY invalidate any stored responses that share groups (per ) with any of the listed groups. Cache extensions can explicitly strengthen the requirement above. For example, a targeted cache control header field might specify that caches processing it are required to respect the Cache-Group-Invalidation signal. The ordering of members is not significant. Unrecognised Parameters are to be ignored. Implementations MUST support at least 32 groups in a field value, with up to at least 32 characters in each member. Note that generic limitations on HTTP field lengths may constrain the size of this field value in practice.

IANA Considerations IANA has added the following entries to the "Hypertext Transfer Protocol (HTTP) Field Name Registry":

Field Name:: Cache-Groups
Status:: permanent
Reference:: RFC 9875

Field Name:: Cache-Group-Invalidation
Status:: permanent
Reference:: RFC 9875

Security Considerations This mechanism allows resources that share an origin to invalidate each other. Because of this, origins that represent multiple parties (sometimes referred to as "shared hosting") might allow one party to group its resources with those of others or to send signals that have side effects upon them. Shared hosts that wish to mitigate these risks can control access to the header fields defined in this specification.

References Normative References Informative References

Acknowledgements Thanks to for his review and suggestions.