Proposals for additional language in the HTTP 1.1 spec.

In section 8.19:

To address the security hole that Larry Masinter recognized:

"If a Location response header is returned with a 2xx response, the location must be on the same server as the request-URI. If a cache or user agent receives a 2xx response containing a Location response header with a location on a different server, it should disregard the Location header."

To inform cache and user agent implementors of the significance of the Location header in 2xx responses:

"If a cache or user agent receives a 2xx response containing a Location header, it should use the location designated by this header as the cache key for the returned resource, and should not use the request-URI for this purpose."

--Shel Kaphan

Received on Wednesday, 30 August 1995 17:17:54 EDT
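An added example, not part of the original message: one way a cache could apply both proposed rules when choosing the cache key for a response. It assumes "same server" means the same scheme, host and port, which the message does not define; the function names and the example hosts are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def server_of(url):
    """Return (scheme, host, port) for a URL, or None if it cannot be parsed.

    Assumption: this triple is what "same server" means in the proposal.
    """
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        # .hostname drops any userinfo ("user@") and lowercases the host.
        host = parts.hostname
        port = parts.port or DEFAULT_PORTS.get(scheme)  # may raise ValueError
    except ValueError:
        return None
    if not scheme or not host or port is None:
        return None
    return scheme, host, port


def cache_key(request_uri, status, headers):
    """Choose the cache key for a response under the two proposed rules."""
    # Header names are case-insensitive.
    lowered = {name.lower(): value for name, value in headers.items()}
    location = lowered.get("location")

    # The proposal only covers Location on 2xx responses.
    if location is None or not 200 <= status <= 299:
        return request_uri

    # Resolve relative and scheme-relative ("//host/path") forms first,
    # so the comparison is made on the URL the cache would actually store.
    candidate = urljoin(request_uri, location.strip())
    candidate_server = server_of(candidate)

    # Rule 1: a Location on a different server is disregarded, so one
    # server cannot supply the cached content for another server's URL.
    if candidate_server is None or candidate_server != server_of(request_uri):
        return request_uri

    # Rule 2: a same-server Location replaces the request-URI as the key.
    return candidate
```

Comparing the parsed host rather than a string prefix matters here: a Location such as `http://www.example.com@other.example/` names `other.example`, not `www.example.com`.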