DO NOT REPLY [Bug 35217] extension cache-control directives MUST be ignored

Tue, 26 Aug 2008 10:18:15 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=35217





--- Comment #7 from rahul <[EMAIL PROTECTED]>  2008-08-26 10:17:53 PST ---
|I do not know whether the problem has been fixed since our original report,
but
|please note that the request in Comment #4 does not have quotes. The quotes
you
|see will be eaten by the shell. To Apache, the request looks more like this:

you are right, my testcases were wrong,
but my conclusion did not have anything to do with them.

> > So by definition a value such as
> > "xxxxx" will be interpreted by stripping away the separators. Thus the 
> > value "
> > max-age=0 "=blah is interpreted as [max-age=0] [=blah] where the second 
> > entry
> > is invalid while the first entry is valid cache control directive. 
> 
> Whether quoted strings are not token-like opaque blobs but regular input (that
> apparently should be re-parsed and interpreted!) preceded and followed by a
> separator is highly debatable.

Not according to rfc 2616. RFC 2616 states quite clearly that cache-extension
should be either token or token=(token|quoted-string)

Cache-Control   = "Cache-Control" ":" 1#cache-directive
    cache-directive = cache-request-directive
         | cache-response-directive
    cache-request-directive =
           "no-cache"                          ; Section 14.9.1
         | "no-store"                          ; Section 14.9.2
         | "max-age" "=" delta-seconds         ; Section 14.9.3, 14.9.4
         | "max-stale" [ "=" delta-seconds ]   ; Section 14.9.3
         | "min-fresh" "=" delta-seconds       ; Section 14.9.3
         | "no-transform"                      ; Section 14.9.5
         | "only-if-cached"                    ; Section 14.9.4
         | cache-extension                     ; Section 14.9.6

cache-extension = token [ "=" ( token | quoted-string ) ]

(Note that a quoted string is allowed after the '=' not before.)

> IMO, the second original test case leaves little doubt that there was a bug
> here because it uses a quoted string in the value of the extension directive.
> That usage is a 100% valid extension, right? Again, I do not know whether this
> has been fixed since.

So with the above definition of token, what is below is not valid, 

Cache-Control: public, " max-age=8,max-age=8 "=blah\r\n

while this would be
Cache-Control: public, blah=" max-age=8,max-age=8 "\r\n


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to