If the Cache-Control directive "must-revalidate" is included, Win/Safari 4b and the latest nightly ignore the Expires header and max-age directive and send a conditional GET each time a resource is needed. must-revalidate defines behavior AFTER a cache becomes stale. FF3, IE8, O9.6, Chrome and Safari 3.2.2 behave correctly, only sending a conditional GET after the Expires time. Ignoring max-age is a long-standing webkit bug, but now Expires is being ignored as well. More here: http://mrclay.org/index.php/2009/02/24/safari-4-beta-cache-controlmust-revalidate-bug/
<rdar://problem/6624445>
In my testing, Safari 3.2.x on both Mac OS X 10.5.6 and Windows sends a conditional GET for the stylesheet in <http://mrclay.org/tests/mustRevalidateTest/> each time. It is true that visible results for this test differ between Safari 3 and 4beta, but that is caused by an unrelated change that triggers a bug in the test itself. Compare the following requests: ------------ $ curl -i "http://mrclay.org/tests/mustRevalidateTest/css.php" --header "If-Modified-Since: Thu, 2Feb 2009 01:28:11 GMT" HTTP/1.1 304 Not Modified Date: Wed, 08 Apr 2009 11:16:24 GMT Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a Phusion_Passenger/2.1.2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 ETag: "1235611691pub" Expires: Thu, 09 Apr 2009 11:09:44 GMT Cache-Control: max-age=86000, public, must-revalidate $ curl -i "http://mrclay.org/tests/mustRevalidateTest/css.php" --header "If-Modified-Since: Thu, 26 Feb 2009 01:28:11 GMT" --header 'If-None-Match: "1235611691pub"' HTTP/1.1 200 OK Date: Wed, 08 Apr 2009 11:16:28 GMT Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a Phusion_Passenger/2.1.2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 X-Powered-By: PHP/5.2.8 Expires: Thu, 09 Apr 2009 11:09:48 GMT ETag: "1235611691pub" Cache-Control: max-age=86000, public, must-revalidate Last-Modified: Thu, 26 Feb 2009 01:28:11 GMT Transfer-Encoding: chunked Content-Type: text/css #box { width:100px; height:100px; background: rgb(123,207,218); } ------------ For a request that doesn't contain a ETag conditional header, the script returns a 304 response, so it fails to detect undesired behavior. As mentioned in bug 13128, a workaround is to use Expires header - but it never worked if "Cache-Control: must-revalidate" was also sent. In my testing, an Expires header without Cache-Control works as expected in both Safari 3 and 4beta. There is no doubt that Safari behavior is not what is desired in this case, and this is tracked by Apple in a Radar bug created from bug 13128. Since I couldn't confirm that anything has changed in this regard between Safari 3 and Safari 4, I'm closing this bug as INVALID. Please let me know if I overlooked something.