I'm not sure if the Wikipedia cookie is being treated as authentication for the purposes of this definition, but if it is, caching the site-wide CSS or JS seems unlikely to hurt (since it really is "public") - but obviously caching the user-specific CSS or JS would be bad.
Why? User-specific CSS and JS is still public.
That's true - I had assumed it was private (not that I've ever put anything there that I particularly cared about being private) - but you're correct, it's not ... which in turn raises another question:
------------------------------------------------------------------- root@bling:/var/www/hosts/mediawiki/wiki/skins# curl --silent --include --head "http://en.wikipedia.org/w/index.php?title=User:Nickj/monobook.js&action=..." HTTP/1.0 200 OK Date: Wed, 07 Feb 2007 06:17:28 GMT Server: Apache X-Powered-By: PHP/5.1.2 Cache-Control: private, s-maxage=0, max-age=2678400 Last-Modified: Wed, 31 Jan 2007 05:56:29 GMT Content-Type: text/javascript; charset=utf-8 X-Cache: MISS from sq16.wikimedia.org X-Cache-Lookup: MISS from sq16.wikimedia.org:80 Via: 1.0 sq16.wikimedia.org:80 (squid/2.6.STABLE9) Connection: close
root@bling:/var/www/hosts/mediawiki/wiki/skins# curl --silent --include --head "http://en.wikipedia.org/w/index.php?title=User:Nickj/monobook.js&action=..."
[ ... snip 3 more tests and responses from servers that's aren't sq16.wikimedia.org ... ]
root@bling:/var/www/hosts/mediawiki/wiki/skins# curl --silent --include --head "http://en.wikipedia.org/w/index.php?title=User:Nickj/monobook.js&action=..." HTTP/1.0 200 OK Date: Wed, 07 Feb 2007 06:17:41 GMT Server: Apache X-Powered-By: PHP/5.1.2 Cache-Control: private, s-maxage=0, max-age=2678400 Last-Modified: Wed, 31 Jan 2007 05:56:29 GMT Content-Type: text/javascript; charset=utf-8 X-Cache: MISS from sq16.wikimedia.org X-Cache-Lookup: MISS from sq16.wikimedia.org:80 Via: 1.0 sq16.wikimedia.org:80 (squid/2.6.STABLE9) Connection: close
-------------------------------------------------------------------
So, the question is: Why is the cache-control line for raw custom JS and CSS marked as "private" ?
From http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1 , it defines the
"private" directive as: ------------------------------- private Indicates that all or part of the response message is intended for a single user and MUST NOT be cached by a shared cache. This allows an origin server to state that the specified parts of the response are intended for only one user and are not a valid response for requests by other users. A private (non-shared) cache MAY cache the response. -------------------------------
So, if the web page is public anyway, and people *do* use other people's custom CSS & JS (as I'm doing), why mark it as private when action=raw, and thus defeat shared caching?
All the best, Nick.