Marc Slemko wrote: > Isn't this a matter of IE incorrectly implementing the spec?
I'm not sure that this is the "famous" incompatibility between IE and Apache. But I'm not sure it isn't, too. In any case, something in the current code looks strange, and doesn't make sense. Are you sure that the "ifdefed" code implements the RFC? > Will making this change break browsers that do properly implement it? > > It is not obvious if or how we should attempt to cope with IE's > brokenness, so it is not something that can just be blindly > applied. Blindly ignoring the query string on a request can have > security implications as well that need to be understood. I don't see any security problem with it. I suggest to consider Ian's suggestion: > should we implement this kind of thing by way of a 'browsermatch ...' > so that we could live in the best of both worlds? or is this still a > security issue for IE users? (last quotation is from Ian) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __________________________________________________________ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
