Keith Wannamaker wrote:
I read:
// FIXME: Disabled for Mozilla FORM support over SSL
// (improper caching issue)
Indeed (I now remember the issue), there would be serious issues should this not be the default.

The issue here is, apparently, that Mozilla has a caching bug we are working around, so we have to disable caching. However, I don't know that the broken Mozilla agent requires the Pragma header to do this.

It would be needed to test it. Unfortunately, I didn't mention the bug id (assuming there was one), so I don't know exactly what should be tested.

Now, I think you are misrepresenting the IE issue, and it's not such a big issue.

Here is a test war for you and those interested,
<>. If you deploy this you will see that you cannot download the one file in the webapp with IE with head of tree. If you comment out the pragma header in AuthenticatorBase, it works fine.

Despite your renaming, I want to emphasize that I am not talking about the cache-control header, and am fine with it being either private or no-cache.

The old name was bad. If you want to change it again to something better, it's fine.

I am perfectly fine with adding new configurability and documenting it properly, but defaults should lean towards the safer solution.

I disagree, defaults should be friendly to the largest client base.

Good, I obviously disagree.

BTW, I really don't see any problem with not using the defaults, and actually configuring something. Is that really a big issue for you and the people who reported this problem ? For example, in JBoss, I use a different default configuration and I don't make a big issue out of it.

I think Tomcat should work with IE under SSL, and yes, I think it is a big issue that Tomcat doesn't, out of the box.

I am really annoyed because I see more and more people trying to shove down people's throat whatever defaults they like best. This leads to improductive discussions. As a result, I'd like to stop here, and move on (especially since I don't see the issue as a major problem - the mozilla issue, however, was a major problem, as it was potentially displaying wrong stuff to users).


To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to