Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-20 Thread Adrian Hungate

Ah, well, that is not quite true. Zope (And apache, IIS, and others) may do
the "right thing" and set or not set the headers, but IE at least definitely
DOES NOT do the correct thing when it comes to caching on the client (Even
with caching disabled it still caches when it feels like it).

Until clients improve, caching is just bad IMHO.

Adrian...

--
Adrian Hungate
EMail: [EMAIL PROTECTED]
Web: http://www.haqa.co.uk

- Original Message -
From: "Wei He" <[EMAIL PROTECTED]>
To: "Toby Dickenson" <[EMAIL PROTECTED]>
Cc: "Dieter Maurer" <[EMAIL PROTECTED]>; "R. David Murray"
<[EMAIL PROTECTED]>; "Chris Withers" <[EMAIL PROTECTED]>; "Casey Duncan"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 20, 2002 2:45 PM
Subject: Re: [Zope-dev] Last-modified and bobobase_modification_time


> On Thu, 20 Jun 2002, Toby Dickenson wrote:
>
> > > In either case, Zope's current implementation needs to be
> > > changed. Because it will give the client a false impression that a
> > > page has not changed but actually it did.
> >
> > What part of Zope gets this wrong?
> >
>
> I just realized that the Last-Modified header in a GET request is NOT
> sent for a dynamic page. I was always assuming that it is the same as the
> HEAD request of the same URL.
>
> So at least the user can get correct information cause the client cache
> function will not work. Whether a cache server can handle this
> situation or whether RFC allows doing this (haven't read yet) is not
> a big problem.
>
> Sorry to everyone. And thank all of you.
>
> Wei He
>
>
>
>
>
> ___
> Zope-Dev maillist  -  [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )
>






Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-18 Thread Wei He

On Tue, 18 Jun 2002, Dieter Maurer wrote:

> Wei He writes:
>  > ...
>  > 2. From the website developers' point of view, there are already many 
>  > guidelines on how to create a good webpage. Among them are using the HTTP 
>  > Last-modification header to take the advantages of client cache.
> I think you overestimate the importance of accurate "Last-Modified"
> headers.
> 

Perhaps. But I think Etag, If-Modified-Since or whatever headers only 
make sense to a cache server that is designed to use these values, not
for a generic one or the end users browser clients. And the last one is 
the real place caching-related headers making sense to.

If I understand correctly, the Expires header can only give the 
client an impression how often a page is updated. 

> I would use "Expires" and "Cache-Control" for cache control.
> 
Only when you want to disable the cache function, can these two headers be 
useful. 

Wei He






Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-18 Thread Dieter Maurer

Wei He writes:
 > ...
 > 2. From the website developers' point of view, there are already many 
 > guidelines on how to create a good webpage. Among them are using the HTTP 
 > Last-modification header to take the advantages of client cache.
I think you overestimate the importance of accurate "Last-Modified"
headers.

  In order for caching to be allowed, there must
  either be a "Last-Modified" or (alternatively) an "Etag" header.

  However, the value of the "Last-Modified" is almost irrelevant
  for caching. I think, it is only used when a HTTP cache
  validates an object, in that it uses this date in an
  "If-Modified-Since" request.

I would use "Expires" and "Cache-Control" for cache control.


Dieter





Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-18 Thread Oliver Bleutgen

Toby Dickenson wrote:
>>  Rendering may produce side effects. But "HEAD" requests
>>  are required by HTTP not to have side effects.
> 
> 
> RFC 2616 section 9.4 states that "HEAD" is identical to "GET" in this respect, 
> and both should have no side effects.
> 
> 
> On Tuesday 18 Jun 2002 10:26 am, Wei He wrote:
> 
> 
>>I think the last step is to change the HEAD handling
>>routine to the get information from GET. Does anyone have any idea?
> 
> 
> Yes, I think that makes sense.
> 
> A while ago the list discussed changing Zope's security declarations to add a 
> way to specify whether a published method has significant side-effects.
> 
> Side-effect-free methods can have HEAD and GET handled identically.
> 
> Methods declared to have side-effects can only be accessed through a POST. I 
> guess GET or HEAD on such methods would result in a 405 error (Method Not 
> Allowed)
> 
> (Such a change would also go a long way to reducing the scope of 
> client-side-trojan vulnerabilities.)
> 
Yes, and sadly this discussion died a miserable death.

This is the point I omitted in my other reply. Dieter's presumption that 
GET can have side effects in zope, while right, shows exactly the problem 
with not following the RFC recommendations.
I know that it is nearly impossible to follow this strictly - as far as 
I see it wouldn't even allow showing visitor stats on a frontpage - but 
zope should at least offer some infrastructure to handle this. And it 
absolutely should be stricter in its management interfaces and such.

To be clear, the RFC says:

HEAD SHOULD NOT have side effects.
GET SHOULD NOT have side effects.
HEAD SHOULD return the same http-headers as GET.

So none of the discussed changes would make zope violate the RFC, as it 
doesn't really require the above, it just recommends.


cheers,
oliver







Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-18 Thread Toby Dickenson

>   Rendering may produce side effects. But "HEAD" requests
>   are required by HTTP not to have side effects.

RFC 2616 section 9.4 states that "HEAD" is identical to "GET" in this respect, 
and both should have no side effects.


On Tuesday 18 Jun 2002 10:26 am, Wei He wrote:

> I think the last step is to change the HEAD handling
> routine to the get information from GET. Does anyone have any idea?

Yes, I think that makes sense.

A while ago the list discussed changing Zope's security declarations to add a 
way to specify whether a published method has significant side-effects.

Side-effect-free methods can have HEAD and GET handled identically.

Methods declared to have side-effects can only be accessed through a POST. I 
guess GET or HEAD on such methods would result in a 405 error (Method Not 
Allowed)

(Such a change would also go a long way to reducing the scope of 
client-side-trojan vulnerabilities.)
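
The dispatch rule proposed in the message above, as an added Python sketch that is not part of the original thread and is not Zope code. `Published`, `dispatch` and the sample registry are hypothetical names, and the sample state is constructed.

```python
# Added illustration: Published, dispatch and the sample registry are
# hypothetical names, not Zope APIs.

class Published:
    """A published callable plus its side-effect declaration."""
    def __init__(self, func, side_effects):
        self.func = func
        self.side_effects = side_effects


def dispatch(registry, method, path):
    """Return (status, headers, body) for one request."""
    entry = registry.get(path)
    if entry is None:
        return 404, {}, b""
    if entry.side_effects and method != "POST":
        # Declared state-changing: GET and HEAD never reach the callable.
        return 405, {"Allow": "POST"}, b""
    if method not in ("GET", "HEAD", "POST"):
        return 405, {"Allow": "GET, HEAD, POST"}, b""
    headers, body = entry.func()
    headers = dict(headers)
    headers["Content-Length"] = str(len(body))
    if method == "HEAD":
        body = b""  # same headers as GET, no body
    return 200, headers, body


# Constructed sample application state and published methods.
STATE = {"items": ["a", "b"]}

def index():
    listing = ", ".join(STATE["items"]).encode()
    return {"Content-Type": "text/plain"}, listing

def delete_first():
    STATE["items"].pop(0)
    return {"Content-Type": "text/plain"}, b"deleted"

REGISTRY = {
    "/index": Published(index, side_effects=False),
    "/delete_first": Published(delete_first, side_effects=True),
}

if __name__ == "__main__":
    for method, path in [("GET", "/index"), ("HEAD", "/index"),
                         ("GET", "/delete_first"), ("POST", "/delete_first")]:
        print(method, path, dispatch(REGISTRY, method, path))
```

Because the 405 is returned before the callable runs, a GET or HEAD on a declared side-effect method leaves state untouched, which is the property the message ties to client-side-trojan exposure.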





Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-18 Thread Steve Alexander

Wei He wrote:
> On Tue, 18 Jun 2002, Oliver Bleutgen wrote:
> 
> 
>>>Would please go a little bit deeper giving an example what information 
>>>HEAD requests don't pass to the server, although it's beyond this topic.
>>
>>HEAD requests are required to have no side effects. On the other hand 
>>they are required to return the same response as GET requests without 
>>the BODY.
>>So GET returning another last-modified header than HEAD would be in 
>>violation of the RFC. This gets worse by the fact that HEAD can be used 
>>for caching purposes.
> 
> 
> Totally understood. But the question is what RFC says about the 
> last-modified header. Shouldn't it reflect the latest update? Zope is 
> facing this problem because it handles the HEAD request separately. 
> Am I right?
> 
> I don't see any need to separately handle the HEAD request. My hacking of 
> the last-modified header is done except that HEAD and wget -S returns 
> different headers. I think the last step is to change the HEAD handling 
> routine to the get information from GET. Does anyone have any idea?

If you *really* want to, you can run a HEAD just like a GET, but after 
getting your last-modified and other details, abort the transaction to 
undo side-effects, then return the HEAD response.

I would generally recommend against this, as it may end up being rather 
expensive.

--
Steve Alexander







Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-18 Thread Wei He

On Tue, 18 Jun 2002, Oliver Bleutgen wrote:

> > 
> > Would please go a little bit deeper giving an example what information 
> > HEAD requests don't pass to the server, although it's beyond this topic.
> 
> HEAD requests are required to have no side effects. On the other hand 
> they are required to return the same response as GET requests without 
> the BODY.
> So GET returning another last-modified header than HEAD would be in 
> violation of the RFC. This gets worse by the fact that HEAD can be used 
> for caching purposes.

Totally understood. But the question is what RFC says about the 
last-modified header. Shouldn't it reflect the latest update? Zope is 
facing this problem because it handles the HEAD request separately. 
Am I right?

I don't see any need to separately handle the HEAD request. My hacking of 
the last-modified header is done except that HEAD and wget -S returns 
different headers. I think the last step is to change the HEAD handling 
routine to the get information from GET. Does anyone have any idea?

Cheers,

Wei He







Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-18 Thread Oliver Bleutgen

Wei He wrote:
> On Mon, 17 Jun 2002, Dieter Maurer wrote:
> 
> 
>>R. David Murray writes:
>> > ...
>> > Well, there's two aspects to this.  The first one is the question of
>> > *why* the last modified header is currently that of the outermost
>> > page template.  That's a [EMAIL PROTECTED] question.  The second is
>> > the question of whether or not that is the "right" behavior, and what
>> > it would take to make Zope smarter such that the last modified header
>> > would actually be accurate.
>>Think about it. It is very difficult.
>>
>>  In order to determine the accurate modification time, you need
>>  to render the template (as it is non-trivial to determine the
>>  set of objects the rendering depends on without actually
>>  doing the rendering).
>>
>>  Rendering may produce side effects. But "HEAD" requests
>>  are required by HTTP not to have side effects. Thus,
>>  you cannot have accurate modified headers for "HEAD" requests.
>>  Moreover, usually "HEAD" requests do not pass the necessary
>>  parameters for template rendering.
> 
> 
> Would please go a little bit deeper giving an example what information 
> HEAD requests don't pass to the server, although it's beyond this topic.

HEAD requests are required to have no side effects. On the other hand 
they are required to return the same response as GET requests without 
the BODY.
So GET returning another last-modified header than HEAD would be in 
violation of the RFC. This gets worse by the fact that HEAD can be used 
for caching purposes.


cheers,
oliver









Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-16 Thread R. David Murray

On Sun, 16 Jun 2002, Chris Withers wrote:
> Why do you think that? Surely all zope users will care about this? ;-)
> Besides, that's not the point, re-read Casey's email more carefully...
>
> > Although I'm new to Zope, I'm not new to mailing list. I know the
> > mailing list rule but I just don't agree with your classification of my
> > question.
>
> Well, I second Casey's opinion :-P

Well, there's two aspects to this.  The first one is the question of
*why* the last modified header is currently that of the outermost
page template.  That's a [EMAIL PROTECTED] question.  The second is
the question of whether or not that is the "right" behavior, and what
it would take to make Zope smarter such that the last modified header
would actually be accurate.  The answer to that may be, "there is no
implementable algorithm that will work".  That question still probably
doesn't belong on zope-dev, though, but instead on zope3-dev .

--RDM






Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-16 Thread Wei He

On Sun, 16 Jun 2002, Chris Withers wrote:

> > > BTW: This list is for development *of* Zope, the [EMAIL PROTECTED] list is
> > > better for questions about developing *with* Zope.
> > > 
> > Thanks for your codes indeed. I posted it here because I thought only 
> > people have high developing skill care about whether their web 
> > pages are up-to-date to their readers and so care the HTTP Last-modified 
> > header. 
> 
> Why do you think that? Surely all zope users will care about this? ;-)
> Besides, that's not the point, re-read Casey's email more carefully...
> 

I don't think so. Quite often a user should click CTRL and the 
refresh button to get the up-to-date page. This is because the 
Last-modified header is not properly set. If DTML doesn't care about the 
modification time of its code segments, it will definitely return the
template's modification time although the contents keep on changing.

My conclusion is that if DTML doesn't do this or doesn't provide a simple 
way to do that, Zope may not care about the header at all. So dynamic webpage
authors with basic skill could never control it. Only people who have developing
skill may do. Am I right?

Here is Casey's email:

> There is no automatic way in which DTML can do this for you. This is
> simply because  doesn't tell Zope what foo is. Is it a

No matter what foo is, there is surely a last modification time of foo.
If it is a document, that's easy. If it is a script, there should be a 
method like self.setLastModificationTime(scriptTime). This method should 
decide if scriptTime is newer than DTML document's own update time and set 
it if so. Then it's up to the script writer to call the method with the 
current time if he/she want to disable browser's caching function.

> document or a script that returns something different every time it is
> called or something else? In fact foo might be different things at
> different times, if you acquire the template into different contexts.

What stops the main DTML document from knowing the last modification time 
of foo? 

In fact, Casey's script is just a walk-around. Script writers should 
manually create a list containing all code segments he/she dtml-vared.
(Sorry for using this phrase to express my disagreement on choosing 
dtml-var against dtml-include). It's a boring task if there are many 
nested code segments included.

I'm a PHP user for several years and I'm trying to migrate part of my 
projects to Zope. Changing from PHP to DTML/Python is not a big deal. 
But I'm so used to the easy environment PHP provides coders. 

Wei He






Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-16 Thread Chris Withers

> > BTW: This list is for development *of* Zope, the [EMAIL PROTECTED] list is
> > better for questions about developing *with* Zope.
> > 
> Thanks for your codes indeed. I posted it here because I thought only 
> people have high developing skill care about whether their web 
> pages are up-to-date to their readers and so care the HTTP Last-modified 
> header. 

Why do you think that? Surely all zope users will care about this? ;-)
Besides, that's not the point, re-read Casey's email more carefully...

> Although I'm new to Zope, I'm not new to mailing list. I know the 
> mailing list rule but I just don't agree with your classification of my 
> question. 

Well, I second Casey's opinion :-P

cheers,

Chris





Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-15 Thread Wei He

On 14 Jun 2002, Casey Duncan wrote:

> BTW: This list is for development *of* Zope, the [EMAIL PROTECTED] list is
> better for questions about developing *with* Zope.
> 
Thanks for your codes indeed. I posted it here because I thought only 
people have high developing skill care about whether their web 
pages are up-to-date to their readers and so care the HTTP Last-modified 
header. And why don't you think this issue is not for Zope developers?
Doesn't Zope care about readers getting the accurate information?

Although I'm new to Zope, I'm not new to mailing list. I know the 
mailing list rule but I just don't agree with your classification of my 
question. 

I'll post the next develop-with-zope issue to that list. 

> There is no automatic way in which DTML can do this for you. This is
> simply because  doesn't tell Zope what foo is. Is it a
> document or a script that returns something different every time it is
> called or something else? In fact foo might be different things at
> different times, if you acquire the template into different contexts.

I think it isn't a bad thing DTML doing this for me. At least the 
Last-modified header can reflect the template modification time.

Wei He









Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-14 Thread Steve Alexander

Casey Duncan wrote:
> BTW: This list is for development *of* Zope, the [EMAIL PROTECTED] list is
> better for questions about developing *with* Zope.
> 
> On to your question:
> 
> There is no automatic way in which DTML can do this for you. This is
> simply because  doesn't tell Zope what foo is. Is it a
> document or a script that returns something different every time it is
> called or something else? In fact foo might be different things at
> different times, if you acquire the template into different contexts.
> 
> Anyhow, if you really want to set a Last-Modified header that reflects
> the latest of a group of documents, you can write a python script that
> accepts either a list of names or objects to test. For the latter here's
> a Py script named "setLastModTime" with a single argument, "*objects":
> 
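> # Start from the first object's modification time (needs at least one object)
> last_mod = objects[0].bobobase_modification_time()
> for ob in objects[1:]:
>     # Keep the most recent modification time seen so far
>     last_mod = max(last_mod, ob.bobobase_modification_time())
> context.REQUEST.RESPONSE.setHeader('Last-Modified', last_mod.rfc822())
> return last_mod # for debugging purposes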
> 
> Then from dtml:
> 
> 

A similar approach would be for each page fragment to set the 
Last-Modified header if either there is no header set, or its own 
last-modified time is later than one that is set.

--
Steve Alexander
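
The per-fragment approach suggested above, combined with the If-Modified-Since validation described elsewhere in the thread, as an added Python sketch that is not part of the original messages and is not Zope code. `Response`, `note_modified`, `parse_http_date`, `respond` and the sample page are hypothetical, and the timestamps are constructed.

```python
import calendar
from datetime import timezone
from email.utils import formatdate, parsedate_to_datetime


class Response:
    """Collects headers while page fragments are rendered."""
    def __init__(self):
        self.headers = {}
        self.last_mod = None  # newest modification time, epoch seconds

    def note_modified(self, mtime):
        # Set the header if none is set yet, or if this fragment is newer.
        if self.last_mod is None or mtime > self.last_mod:
            self.last_mod = mtime
            self.headers["Last-Modified"] = formatdate(mtime, usegmt=True)


def parse_http_date(value):
    """Return epoch seconds for an HTTP date, or None if unparseable."""
    try:
        dt = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # HTTP dates are always GMT
    return dt.timestamp()


def respond(fragments, if_modified_since=None):
    """Render (text, mtime) fragments; return (status, headers, body)."""
    response = Response()
    parts = []
    # The newest time is only known after every fragment has been visited.
    for text, mtime in fragments:
        response.note_modified(mtime)
        parts.append(text)
    since = parse_http_date(if_modified_since) if if_modified_since else None
    # HTTP dates have one-second resolution, so compare whole seconds.
    if (since is not None and response.last_mod is not None
            and int(response.last_mod) <= since):
        return 304, response.headers, ""
    return 200, response.headers, "".join(parts)


# Constructed sample: a template that includes one newer fragment.
PAGE = [
    ("<h1>1_html</h1>", calendar.timegm((2002, 6, 13, 8, 0, 0))),
    ("<p>2_html</p>", calendar.timegm((2002, 6, 18, 10, 26, 0))),
]

if __name__ == "__main__":
    print(respond(PAGE))
    print(respond(PAGE, "Tue, 18 Jun 2002 10:26:00 GMT"))
```

An unparseable If-Modified-Since value is ignored and the full response is sent, so a malformed validator can never produce a 304 for changed content.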









Re: [Zope-dev] Last-modified and bobobase_modification_time

2002-06-14 Thread Casey Duncan

BTW: This list is for development *of* Zope, the [EMAIL PROTECTED] list is
better for questions about developing *with* Zope.

On to your question:

There is no automatic way in which DTML can do this for you. This is
simply because  doesn't tell Zope what foo is. Is it a
document or a script that returns something different every time it is
called or something else? In fact foo might be different things at
different times, if you acquire the template into different contexts.

Anyhow, if you really want to set a Last-Modified header that reflects
the latest of a group of documents, you can write a python script that
accepts either a list of names or objects to test. For the latter here's
a Py script named "setLastModTime" with a single argument, "*objects":

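# Start from the first object's modification time (needs at least one object)
last_mod = objects[0].bobobase_modification_time()
for ob in objects[1:]:
    # Keep the most recent modification time seen so far
    last_mod = max(last_mod, ob.bobobase_modification_time())
context.REQUEST.RESPONSE.setHeader('Last-Modified', last_mod.rfc822())
return last_mod # for debugging purposes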

Then from dtml:



hth,

Casey

On Fri, 2002-06-14 at 00:10, Wei He wrote:
> Hi all,
> 
> Say you have 1_html with only one line:
> 
> 
> When you HEAD http://xxx/1_html, you get Last-Modified reflecting only 
> the last modification time of 1_html, while most people are expecting it 
> to be newer one of 1_html and 2_html. 
> 
> Does anyone know of a walk-around like using the max() of 
> bobobase_modification_time().timeTime() on the document itself
> and all the components it dtml-vared?
> 
> Forgive my using of non-Zope terms, for I'm new to Zope/Python.
> 
> Wei He
> 
> 
> 







[Zope-dev] Last-modified and bobobase_modification_time

2002-06-13 Thread Wei He

Hi all,

Say you have 1_html with only one line:


When you HEAD http://xxx/1_html, you get Last-Modified reflecting only 
the last modification time of 1_html, while most people are expecting it 
to be newer one of 1_html and 2_html. 

Does anyone know of a walk-around like using the max() of 
bobobase_modification_time().timeTime() on the document itself
and all the components it dtml-vared?

Forgive my using of non-Zope terms, for I'm new to Zope/Python.

Wei He


