> >From a security end we know that HTTP/1.0 has flaws (especially when you > introduce a web browser), but it raises the question of how many proxy > server are there which only implement HTTP/1.0. All it seems to takes is a > single proxy server for a response to be downgraded, and for the browser to > receive that downgraded response and (correctly?) ignore any settings that > are not associated with the protocol identifier in the response - such as > Cache-Control headers. Incorrectly. If a browser supports the Cache-Control header field for any HTTP/1.x response, then it should support it for every HTTP/1.x response. The definition of an HTTP header field is defined by the major number, not the minor number. ....RoyReceived on Wednesday, 8 November 2000 22:52:15 EST
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:40 EDT