It's not related to IE, finally we have not problems with x-ua-compatible
Private is well explained in the 2 1st links.
Jacques
Le 23/05/2018 à 15:07, Taher Alkhateeb a écrit :
There are at least 4 links and many comments in the JIRA, I'm not sure
which one are you referring to. Anyway, it sounds correct because it
is utilized from the function "setResponseBrowserProxyNoCache(...)"
So I think it looks fine. Good job with the research. IE continues to
cause so much headache.
+1
On Wed, May 23, 2018 at 1:03 PM, Jacques Le Roux
<jacques.le.r...@les7arts.com> wrote:
Le 21/05/2018 à 20:13, Taher Alkhateeb a écrit :
HTTP headers setting is a complex topic with lots of details. I think
we need a comprehensive source and a discussion on best practices,
Does not the special page I created in the wiki help?
maybe we should make some of the headers configurable where needed?
Yes why not, we can use the current values as default. They are set to
guarantee security. The only one which can be defaulted (but to only report)
is a CSP policy. Because it depends on users needs.
Now with respect to adding the "Cache-Control", "no-store, no-cache,
must-revalidate, private", I'm not very experienced in that area, but
wouldn't that affect environments where OFBiz is deployed behind a
caching server? Or is this scenario non existent?
The idea with private is to prevent the proxy (aka caching server I guess)
to cache something it should not. Please refer to the documentation in the
commit
Jacques
On Sun, May 20, 2018 at 12:22 PM, Jacques Le Roux
<jacques.le.r...@les7arts.com> wrote:
Hi Deepak,
Right, I missed that apart in helpdoc the others are under
build/reports/tests/test and under jQuery
So nothing to worry about, I'll commit the patch in one week
Jacques
Le 20/05/2018 à 10:16, Deepak Dixit a écrit :
Hi Taher,
x-ua-compatible used in html file directly and I think its used only in
helpdoc html content,
Jacques Comments from task:
I have attached the OFBIZ-6766-UtilHttp.java.patch and will ask about
x-ua-compatible on dev ML before committing
Thanks & Regards
--
Deepak Dixit
www.hotwax.co
On Sat, May 19, 2018 at 11:50 PM, Taher Alkhateeb <
slidingfilame...@gmail.com> wrote:
Hi Jacques,
I could be mistaken, but looking at the patch I did not see anything
related to x-ua-compatible. Am I looking at the right JIRA 6766? It
only has one attachment that sets the Cache-Control flags?
On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux
<jacques.le.r...@les7arts.com> wrote:
Hi,
At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a
minor
OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers
I think it's OK to commit, but before I'd like to know if we really
want
to
keep x-ua-compatible in several *.html files.
https://stackoverflow.com/questions/26346917/why-use-x-
ua-compatible-ie-edge-anymore
I ever wonder who uses Windows nowadays (kidding ;))
Jacques
