DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16135>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16135 Cache-control: private=list ignored Summary: Cache-control: private=list ignored Product: Apache httpd-2.0 Version: HEAD Platform: All URL: http://coad.measurement-factory.com/cgi- bin/coad/GraseInfoCgi?info_id=test_clause/rfc2616/ccResp DirHdr-private OS/Version: All Status: NEW Severity: Major Priority: Other Component: mod_cache AssignedTo: bugs@httpd.apache.org ReportedBy: [EMAIL PROTECTED] Looks like a possible RFC 2616 MUST violation. Apache ignores "Cache-Control: private=list" directive. The "Cache-Control: private" test is successful though. The initial severity is set above "normal" because this bug might expose private [user] information to third parties. If handling lists in Cache-Control headers is a difficult change, the code should be adjusted to ignore those lists as opposed to ignoring complete Cache-Control headers. In other words, it would be much better if Apache at least treats "private=list" as "private". See attached trace(s) for details and ways to reproduce the violation mentioned above. Test case IDs in the trace link to human-oriented test case description and RFC quotes, if available. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]