httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: HTTP/1.1 strict ruleset
Date Thu, 11 Aug 2016 20:09:30 GMT
On Thu, Aug 11, 2016 at 4:04 PM, Jim Jagielski <jim@jagunet.com> wrote:
>>  It seems that the two need some potentially different
>> rulesets. If you are running a forward proxy, you would want to be quite
>> strict about the responses. If you are only a gateway of trusted backend
>> servers and apps, you might want to be more tolerant (although Roy and
>> Jim may disagree with me on this.)

Devils advocate: Trusted backend + spectre of xss could put you right
back in strict mindset.

Mime
View raw message