httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: cvs commit: httpd-2.0/modules/http http_protocol.c
Date Wed, 16 Apr 2003 16:03:16 GMT
At 03:24 AM 4/16/2003, Graham Leggett wrote:
>William A. Rowe, Jr. wrote:
>>-1 veto-not-vote.
>>This breaks the protocol.
>The patch is in response to a bug report which claims the existing behavior breaks the

for one specific (proxy) case.  Your patch allowed all to be overridden.

AFAICT, we need to pass Server: and Date: from the origin server if this 
is a proxy request.  Now that might come from mod_proxy; but it might 
also come from a proxy implemented as a CGI, or Java servlet.  
Look at two bits of RFC 2616 14.18:

  The Date general-header field represents the date and time at which
  the message was originated, having the same semantics as orig-date in
  RFC 822. 
  The HTTP-date sent in a Date header SHOULD NOT represent a date and
  time subsequent to the generation of the message. It SHOULD represent
  the best available approximation of the date and time of message
  generation, unless the implementation has no means of generating a
  reasonably accurate date and time. In theory, the date ought to
  represent the moment just before the entity is generated. In
  practice, the date can be generated at any time during the message
  origination without affecting its semantic value.

In other words - Apache chooses the "Origin" date, as it *is* the origin server, 
unless this is a proxy request.
Now how can we determine we are not the origin server of the request?  Only 
one reliable criteria that I could find, sec 14.19:

  The Via general-header field MUST be used by gateways and proxies to
  indicate the intermediate protocols and recipients between the user
  agent and the server on requests, and between the origin server and
  the client on responses.

>So what is the correct behaviour supposed to be?

If Via: is set, then we are OK sending the Origin server's Date:, and Server: (ours goes
in a Via: header) ... from 14.38;

  The Server response-header field contains information about the
  software used by the origin server to handle the request. 

So if we conditionally allow Server/Date by the Via header's presence
we are "following the RFC".


View raw message