- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 11 Aug 2010 07:17:33 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Adrien de Croy <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Aug 11, 2010 at 02:16:20PM +1000, Mark Nottingham wrote: > > There are also some legitimate cases where content back needs to be generated by an intermediary, or diverted / requests re-written. E.g. reverse proxies, payment gateways (e.g. hotels), corporate use policy challenge pages etc. The server generating the response may never have seen the actual request made by the client. > > Not sure where you're going here. I think Adrien was talking about the same example I gave, where the server which generates the header in the response gets a request that has been transformed by multiple intermediaries, to the point that the generated header won't have any relation with the client's request and that intermediaries that have changed it won't be able to correctly rewrite it with a single regex. It's basically the same problem as with the Location header which is often wrong when emitted by a server behind several reverse proxies which rewrite the Host or the URI. Most often, the responses end up being forced into the server or forced by intermediaries because doing the transformation back is not always simple. The Assoc-Req header here will have to experience similarly bad transformations to try to match the request URI. Regards, Willy
Received on Wednesday, 11 August 2010 05:18:08 UTC