Description
org.apache.shindig.gadgets.http.HttpResponse.getCacheExpiration() utilizes a list of negative-cache-exempt HTTP returns statuses that by default contains 401 and 403 statuses. These exempt status codes will then try to use Cache-Control and Expires headers to figure out how long lived the response should be. If no Cache-Control or Expires headers exist on the response, the default cache time-to-live is uses, even if the response was a 401 or 403.
I would rather use the negative cache time-to-live in this case.