You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/01/15 21:19:50 UTC
DO NOT REPLY [Bug 16135] New: -
Cache-control: private=list ignored
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16135>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16135
Cache-control: private=list ignored
Summary: Cache-control: private=list ignored
Product: Apache httpd-2.0
Version: HEAD
Platform: All
URL: http://coad.measurement-factory.com/cgi-
bin/coad/GraseInfoCgi?info_id=test_clause/rfc2616/ccResp
DirHdr-private
OS/Version: All
Status: NEW
Severity: Major
Priority: Other
Component: mod_cache
AssignedTo: bugs@httpd.apache.org
ReportedBy: coad@measurement-factory.com
Looks like a possible RFC 2616 MUST violation.
Apache ignores "Cache-Control: private=list"
directive. The "Cache-Control: private" test
is successful though. The initial severity is
set above "normal" because this bug might expose private
[user] information to third parties.
If handling lists in Cache-Control headers is a difficult change,
the code should be adjusted to ignore those lists as opposed to
ignoring complete Cache-Control headers. In other words, it would
be much better if Apache at least treats "private=list" as "private".
See attached trace(s) for details and ways to reproduce
the violation mentioned above.
Test case IDs in the trace link to human-oriented test case
description and RFC quotes, if available.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org