On Aug 11, 2016 15:09, "Eric Covener" <cove...@gmail.com> wrote: > > On Thu, Aug 11, 2016 at 4:04 PM, Jim Jagielski <j...@jagunet.com> wrote: > >> It seems that the two need some potentially different > >> rulesets. If you are running a forward proxy, you would want to be quite > >> strict about the responses. If you are only a gateway of trusted backend > >> servers and apps, you might want to be more tolerant (although Roy and > >> Jim may disagree with me on this.) > > Devils advocate: Trusted backend + spectre of xss could put you right > back in strict mindset.
Pardon the language, but absofuckinglutely! The idea of these potential overrides is to restore a server which is a gateway to a critical, but horridly coded backend, to gey it running again for a time. It is not a perpetual means to avoiding the responsibility to fix the broken backend. It isn't an excuse to avoid writing proper backends. This is the gist of Luca's and my small disagreement over last-modified handling. I was thinking over lunch that perhaps we *should* backport the entire removal of the legacy parser in a later 2.4 or final 2.2 release. Not necessarily at this next T&R, but soon, later on down the line, after we have offered months for admins to push their dev teams to get the issues sorted.
