- From: Sander van Zoest <sander@yahoo-inc.com>
- Date: Tue, 29 Oct 2002 12:52:13 -0800
- To: www-p3p-public-comments@w3.org
- Cc: www-p3p-dev@w3.org
Hi, It is a pretty common practice for cookie based authentication web servers to set a HTTP cookie on the 302 Redirect that redirects to the originally page requested. When using mod_headers.c as described in <http://www.w3.org/TR/p3pdeployment#Appendix_Apache>. 1) The Apache 1.3.X Web Server will *only* return the added P3P HTTP Headers on 2XX return codes. It will not return P3P HTTP Headers on 3XX, 4XX or 5XX requests (leaving 1XX to be untested). We have written a patch for mod_headers.c that allows for adding headers to the r->err_headers_out table which will be output on all HTTP headers via the ErrorHeader directive. This patch was submitted to the ASF last may and filed at <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9181>. This patch was commited to Apache 1.3.27 released on October 3rd, 2002. 2) Because of the new I/O Filtering capabilities and re-write of mod_headers to take advantage of them. Apache 2.0 will output configured headers on all server-generated HTTP headers using the Header directive, except for 3XX responses. 3XX responses shortcut the output_filters, which in this particular case, provides us with no obvious method of setting P3P Headers on HTTP redirects without hacking the core. There currently is no recommended workaround at this time. -- Sander van Zoest +1 (619) 881-3000 Yahoo!, Inc. sander@yahoo-inc.com <http://www.yahoo.com/> <http://sander.vanzoest.com/>
Received on Tuesday, 29 October 2002 15:54:35 UTC