httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: expires header merging
Date Sun, 09 Jun 1996 22:14:36 GMT
On Sun, 9 Jun 1996, Rob Hartill wrote:
> >  the problem is that any script can add whatever headers it likes, then
> >  when we introduce redirects and modules which add headers too, the
> >  whole thing gets really messy fast.
> >
> >Ummm... well, scripts can do whatever they like, but a response that
> >goes out with more than one expiration date is in *gross* violation of
> >the specs as I read them
> Okay. So do we need to stop Apache from passing on garbage?, it's
> Expires: today, might be something else tomorrow.

If the CGI author wants to send garbage, they're welcome.  If the CGI
author does something legitimate per HTTP and CGI specs (like send only 
one Expires: date) then Apache should not have any behavior which violates 
the specs either.

> Another suggestion is to define a set of HTTP headers that Apache
> must not merge. Instead the most recent duplicated header overwrites
> the last one. 

Yes, this would seem to be wise.  

> Headers can be divided into 3 types:
>  1) those that can be merged (",")  (default for unclassified headers)
>  2) those that should be duplicated (e.g. set-cookie)
>  3) those that should be overwritten (expires)

Yes.  Other possibilities for #3 are Content-type, Location: (?), Date:, 
Last-Modified, etc.  I'm sure our HTTP cop can provide a more complete 
list :)

Any unknown header should fall into #1.


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--  |  We're hiring!

View raw message