- From: Fielding, Roy <fielding@ebuilt.com>
- Date: Wed, 8 Nov 2000 14:50:17 -0800
- To: 'Tim Coates' <tcoates@dynamics.net>, http-wg@cuckoo.hpl.hp.com
> From a security end we know that HTTP/1.0 has flaws (especially when you
> introduce a web browser), but it raises the question of how many proxy
> servers are there which only implement HTTP/1.0. All it seems to take is a
> single proxy server for a response to be downgraded, and for the browser to
> receive that downgraded response and (correctly?) ignore any settings that
> are not associated with the protocol identifier in the response - such as
> Cache-Control headers.

Incorrectly. If a browser supports the Cache-Control header field for any HTTP/1.x response, then it should support it for every HTTP/1.x response. The definition of an HTTP header field is defined by the major number, not the minor number.

....Roy
Received on Wednesday, 8 November 2000 14:55:42 UTC
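
The rule in the reply above, as an added example that is not part of the original message: a client-side storage check that honours Cache-Control on any HTTP/1.x response, next to the minor-version gating the question describes. The function names, the `gate_on_minor` switch and the sample response are constructed for illustration, and only the `no-store` directive is modelled.

```python
import re

STATUS_LINE = re.compile(r"^HTTP/(\d+)\.(\d+) (\d{3})(?: (.*))?$")

# Constructed sample: an origin's answer as relayed by a proxy that
# rewrote the status line to HTTP/1.0 but passed the header fields through.
DOWNGRADED = (
    "HTTP/1.0 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Cache-Control: private, no-store\r\n"
    "\r\n"
)

def parse_response_head(raw):
    """Return (major, minor, status, headers) for a raw response head."""
    lines = raw.split("\r\n")
    m = STATUS_LINE.match(lines[0])
    if not m:
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header section
            break
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        # repeated fields combine into one comma-separated list
        headers[key] = headers[key] + ", " + value if key in headers else value
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), headers

def cache_directives(headers):
    """Lower-cased directive names from the Cache-Control field."""
    field = headers.get("cache-control", "")
    return {d.strip().split("=", 1)[0].lower() for d in field.split(",") if d.strip()}

def may_store(raw, gate_on_minor=False):
    """True if the client may write this response to its cache."""
    major, minor, _status, headers = parse_response_head(raw)
    if major != 1:
        raise ValueError("not an HTTP/1.x message")
    if gate_on_minor and minor < 1:
        # Mistaken behaviour: the field is dropped because the label says 1.0.
        directives = set()
    else:
        # Field semantics follow the major version, so 1.0 and 1.1 are treated alike.
        directives = cache_directives(headers)
    return "no-store" not in directives

if __name__ == "__main__":
    print("major-version rule stores it:", may_store(DOWNGRADED))
    print("minor-version gate stores it:", may_store(DOWNGRADED, gate_on_minor=True))
```

With the minor-version gate, the relayed response is written to the cache even though the origin marked it `no-store`.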