On 22 Aug 2005, at 21:55, Michael Dunstan wrote:
On 8/22/05, Tres Seaver <[EMAIL PROTECTED]> wrote:
Are we sure that we won't be breaking the rather large possible
set of
installed servers running behind Apache 1.3.x with the bug for which
adding the content length was a workaround?
I understand that this bug was resolved in Apache 1.3.27 [1]. Which is
a few years old now. And outdated by several security releases since
then.
From my reading of http://www.apacheweek.com/issues/02-10-04 this
issue only existed in 1.3.26:
"""
In 1.3.26, a null or all-blank Content-Length triggers an error
although previous versions would silently ignore it and assume 0
length. 1.3.27 restores this previous behaviour.
"""
The other content-length-related issue actually seems to imply it is
better to leave the header out of 304 responses, because Apache would
"mis-use" the header and apply its value to cached content:
"""
Some fixes to mod_proxy. The cache was incorrectly updating the
Content-Length from 304 responses when doing validation. Also fix a
problem where headers from other modules were added to the response
headers when this was done in the core already.
"""
Also OFS.Image been patched as of Zope 2.7.1 [2] in such a way that it
would have already tripped a combination of old-ish Apache and new-ish
Zope. Though ZServer was still throwing in a "Content-Length: 0".
(Which I read as sufficient to provoke the bug in Apache < 1.3.27.)
Yes, both issues mentioned above actually, from the way I read that
text.
This setting could be manipulated via a zope.conf directive, but from
the evidence it seems the maintenance/administrative annoyance of
adding yet another knob for something that seems to carry no risk
might not be worth it. I'd still plead for including it the way it is.
jens
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )