[jira] Updated: (HTTPCLIENT-964) no-cache directives with field names are transmitted downstream

Fri, 02 Jul 2010 07:06:17 -0700 

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jonathan Moore updated HTTPCLIENT-964:
--------------------------------------

    Attachment: no-cache-with-fields.patch

The attached patch adds a test to TestProtocolCompliance that allows for a 
variety of behaviors, all of which would be conditionally compliant:

1. raise a ClientProtocolException
2. return an error response without forwarding the request
3. forward a corrected request instead (possibly by rewriting to a simple 
"no-cache" with no field name)

The patch also applies a stopgap fix, which is to consider this a "fatally 
noncompliant" request in RequestProtocolCompliance.java and return a 400 error 
(option #2). However, I think it's worth discussing whether this
is the right approach or not. Another approach would simply be to not enforce 
this particular protocol requirement.

The patch is granted to the ASF with the permission of my employer.


> no-cache directives with field names are transmitted downstream
> ---------------------------------------------------------------
>
>                 Key: HTTPCLIENT-964
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-964
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: Cache
>    Affects Versions: 4.1 Alpha2
>            Reporter: Jonathan Moore
>            Priority: Trivial
>         Attachments: no-cache-with-fields.patch
>
>
> "Field names MUST NOT be included with the no-cache directive in a request."
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.4
> Currently, the cache implementation allows a request containing something 
> like:
>     Cache-Control: no-cache="Content-Location"
> to be passed downstream towards the origin.
> This is another one of those tricky situations where our client has passed us 
> a non-compliant request.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to