DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41651>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41651 Summary: SC_NOT_MODIFIED should not occur on secure sessions Product: Tomcat 5 Version: Unknown Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Servlets:WebDAV AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] SC_NOT_MODIFIED assumes that a cached instance of an object is present, but documents served over a secure connection shouldn't be cached. There are also other cases where the SC_NOT_MODIFIED status shouldn't be returned, but for simplicity I leave these out for now: Assuming that a secure HTTP connection is used, and that the user is authenticated by Basic authentication with read access (operations GET, PROPFIND, OPTIONS, LOCK and UNLOCK are permitted) A specific problem occurs when using Microsoft Word to access a WebDAV stored document over https as follows: 1. Open the document from the server. 2. Edit the document. 3. Try to save the document, but the permissions doesn't allow saving so the save fails with an error message in Word. (but Word writes the document to the web cache, (fault 1)) 4. Close MS Word. 5. Open the document from MS Word again. What happens now is that word first looks into the local cache and discovers the document that was written there during the attempted save and therefore does a request with the header field "if-none-match" over the secure connection. (fault 2) Then the server is validating that header field and returns a 304 (SC_NOT_MODIFIED) instead of ignoring the "if-none-match" data (fault2) and send the file. This is mostly a problem with MS WebDAV, but if the SC_NOT_MODIFIED isn't sent for the following cases the problem should be reduced: 1. No SC_NOT_MODIFIED for secure HTTP connections. 2. If it's possible to verify that no caching shall occur the SC_NOT_MODIFIED shouldn't be sent either. (this case may be a real problem) One way around that I have attempted at first was to implement a filter, but there is no easy way (that I have found) to filter certain headers from a HttpServletRequest. If the headers could be manipulated in a filter that would actually be an easy way around the problem. i.e. setHeader()/removeHeader()-methods for the HttpServletRequest (or superclass). The problem with this condition is that it may be the cause for confusion since documents may appear different on one client compared to another client while accessing the same source. From my point of view it's mostly a Microsoft problem, but this doesn't say that it can't occur with other applications as well. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
