There are at least 4 links and many comments in the JIRA, I'm not sure which one are you referring to. Anyway, it sounds correct because it is utilized from the function "setResponseBrowserProxyNoCache(...)"
So I think it looks fine. Good job with the research. IE continues to cause so much headache. +1 On Wed, May 23, 2018 at 1:03 PM, Jacques Le Roux <jacques.le.r...@les7arts.com> wrote: > Le 21/05/2018 à 20:13, Taher Alkhateeb a écrit : >> >> HTTP headers setting is a complex topic with lots of details. I think >> we need a comprehensive source and a discussion on best practices, > > Does not the special page I created in the wiki help? > >> maybe we should make some of the headers configurable where needed? > > Yes why not, we can use the current values as default. They are set to > guarantee security. The only one which can be defaulted (but to only report) > is a CSP policy. Because it depends on users needs. > >> Now with respect to adding the "Cache-Control", "no-store, no-cache, >> must-revalidate, private", I'm not very experienced in that area, but >> wouldn't that affect environments where OFBiz is deployed behind a >> caching server? Or is this scenario non existent? > > The idea with private is to prevent the proxy (aka caching server I guess) > to cache something it should not. Please refer to the documentation in the > commit > > Jacques > >> >> On Sun, May 20, 2018 at 12:22 PM, Jacques Le Roux >> <jacques.le.r...@les7arts.com> wrote: >>> >>> Hi Deepak, >>> >>> Right, I missed that apart in helpdoc the others are under >>> build/reports/tests/test and under jQuery >>> >>> So nothing to worry about, I'll commit the patch in one week >>> >>> Jacques >>> >>> >>> >>> Le 20/05/2018 à 10:16, Deepak Dixit a écrit : >>>> >>>> Hi Taher, >>>> >>>> x-ua-compatible used in html file directly and I think its used only in >>>> helpdoc html content, >>>> >>>> Jacques Comments from task: >>>>>> >>>>>> I have attached the OFBIZ-6766-UtilHttp.java.patch and will ask about >>>> >>>> x-ua-compatible on dev ML before committing >>>> >>>> >>>> >>>> >>>> Thanks & Regards >>>> -- >>>> Deepak Dixit >>>> www.hotwax.co >>>> >>>> On Sat, May 19, 2018 at 11:50 PM, Taher Alkhateeb < >>>> slidingfilame...@gmail.com> wrote: >>>> >>>>> Hi Jacques, >>>>> >>>>> I could be mistaken, but looking at the patch I did not see anything >>>>> related to x-ua-compatible. Am I looking at the right JIRA 6766? It >>>>> only has one attachment that sets the Cache-Control flags? >>>>> >>>>> On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux >>>>> <jacques.le.r...@les7arts.com> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a >>>>> >>>>> minor >>>>>> >>>>>> OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers >>>>>> >>>>>> I think it's OK to commit, but before I'd like to know if we really >>>>>> want >>>>> >>>>> to >>>>>> >>>>>> keep x-ua-compatible in several *.html files. >>>>>> >>>>>> https://stackoverflow.com/questions/26346917/why-use-x- >>>>> >>>>> ua-compatible-ie-edge-anymore >>>>>> >>>>>> I ever wonder who uses Windows nowadays (kidding ;)) >>>>>> >>>>>> Jacques >>>>>> >