- From: Shel Kaphan <sjk@amazon.com>
- Date: Wed, 30 Aug 1995 17:10:12 -0700
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Proposals for additional language in the HTTP 1.1 spec. In section 8.19: To address the security hole that Larry Masinter recognized: "If a Location response header is returned with a 2xx response, the location must be on the same server as the request-URI. If a cache or user agent receives a 2xx response containing a Location response header with a location on a different server, it should disregard the Location header." To inform cache and user agent implementors of the significance of the Location header in 2xx responses: "If a cache or user agent receives a 2xx response containing a Location header, it should use the location designated by this header as the cache key for the returned resource, and should not use the request-URI for this purpose." --Shel Kaphan
Received on Wednesday, 30 August 1995 17:17:54 UTC