W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Location Proposals

From: Shel Kaphan <sjk@amazon.com>
Date: Wed, 30 Aug 1995 17:10:12 -0700
Message-Id: <199508310010.RAA24329@bert.amazon.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com


Proposals for additional language in the HTTP 1.1 spec.

In section 8.19:

To address the security hole that Larry Masinter recognized:

	"If a Location response header is returned with a 2xx response,
	the location must be on the same server as the request-URI.
	If a cache or user agent receives a 2xx response containing a Location
	response header with a location on a different server, it should
	disregard the Location header."

To inform cache and user agent implementors of the significance of the 
Location header in 2xx responses:

	"If a cache or user agent receives a 2xx response containing a
	Location header, it should use the location designated by this header
	as the cache key for the returned resource, and should not use the
	request-URI for this purpose."


--Shel Kaphan
Received on Wednesday, 30 August 1995 17:17:54 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:27 EDT