W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > October 2002

Apache mod_header issues in regards to HTTP 3XX requests

From: Sander van Zoest <sander@yahoo-inc.com>
Date: Tue, 29 Oct 2002 12:52:13 -0800
To: www-p3p-public-comments@w3.org
Cc: www-p3p-dev@w3.org
Message-ID: <20021029125213.A15735@escher.san.yahoo.com>


It is a pretty common practice for cookie based authentication 
web servers to set a HTTP cookie on the 302 Redirect that 
redirects to the originally page requested.

When using mod_headers.c as described in

1) The Apache 1.3.X Web Server will *only* return the added P3P HTTP
   Headers on 2XX return codes. It will not return P3P HTTP Headers
   on 3XX, 4XX or 5XX requests (leaving 1XX to be untested).

   We have written a patch for mod_headers.c that allows for adding
   headers to the r->err_headers_out table which will be output on
   all HTTP headers via the ErrorHeader directive.

   This patch was submitted to the ASF last may and filed at
   <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9181>. This
   patch was commited to Apache 1.3.27 released on October 3rd, 2002.

2) Because of the new I/O Filtering capabilities and re-write of
   mod_headers to take advantage of them. Apache 2.0 will output
   configured headers on all server-generated HTTP headers using
   the Header directive, except for 3XX responses. 

   3XX responses shortcut the output_filters, which in this 
   particular case, provides us with no obvious method of setting 
   P3P Headers on HTTP redirects without hacking the core. There 
   currently is no recommended workaround at this time.

Sander van Zoest                                          +1 (619) 881-3000
Yahoo!, Inc.                                           sander@yahoo-inc.com
<http://www.yahoo.com/>                       <http://sander.vanzoest.com/>
Received on Tuesday, 29 October 2002 15:54:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:43:01 UTC