Justin Erenkrantz wrote:
On Tue, Nov 08, 2005 at 07:48:07AM +0100, Ruediger Pluem wrote:
So do you think that there is a todo for mod_authz_host to add such things
or should this be left to the administrator who can of course use
mod_headers in the first case to add Cache-Control: private?
It'd be nice if mod_authz_host could figure out when to stick in
Cache-Control: private on its own.
A possible candidate looks to be in the else block near
mod_authz_host.c:279
else if (a->order[method] == DENY_THEN_ALLOW) {
Placing a config-overridable
apr_table_set("Cache-Control", "private");
line in that else block would likely work, I guess. (should that be
apr_table_merge instead?)
Completely untested and clearly not thought through. =) -- justin
Although the idea of setting cache-control based on Order seems nice at
first glance, I think we need to remember that users assume the
following three configs are interchangeable. And I don't see anything
inherently wrong with the assumption, given that they have the exact
same effect:
1. Order Allow,Deny
Allow from all
2. Order Deny,Allow
Allow from all
3. Order Deny,Allow
The difference between the three only becomes important if you add more
Allow/Deny directives.
Joshua.
