On Fri, Jan 23, 2004 at 11:28:28PM +0100, André Malo wrote: > * Joe Orton <[EMAIL PROTECTED]> wrote: > > > On Mon, Jan 12, 2004 at 12:04:38AM -0000, [EMAIL PROTECTED] wrote: > > > * mod_dav: Reject requests including fragment part in the > > > Request-URI. > > > > > > http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/main/mod_dav.c?r1=1.102&r2=1.103 > > > PR: 21779 > > > +1: jorton > > > + nd asks: Should we make it runtime configurable either to 400, > > > drop the+ fragment or just treat it as part of the > > > filename? > > > > I missed this till now, sorry. I don't see why it's worth a config > > option: the client is generating an invalid request, so let it break > > rather than trying to second-guess the escaping rules. The error_log > > message makes it clear what is wrong. > > Hmm, and then? I'd see it as a workaround for buggy clients like the > "redirect-carefully" variable.
It's a matter of degree. Just how many clients are broken, and what percentage of traffic do they represent? The redirect-carefully was put in because of a great many, popular clients were borken. Cheers, -g -- Greg Stein, http://www.lyra.org/
