2013/10/13 Mark Thomas <ma...@apache.org>:
> On 13/10/2013 14:11, Konstantin Kolinko wrote:
>
> <snip/>
>
>>> URL: http://svn.apache.org/r1531115
>>> Log:
>>> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54095
>>> Add support to the Default Servlet for serving gzipped versions of static
>>> resources directly from disk as an alternative to Tomcat compressing them
>>> on each request. Patch by Philippe Marschall.
>
> <snip/>
>
>> General:
>> I think this feature should be opt-in, like the listings feature of
>> DefaultServlet, being off by default.
>
> I disagree since:
> - this is only in 8.0.x and we haven't had a stable release yet.
> - the user has to create the gzip'd version which is unlikely to exist
> be default before this feature does anything
>
> I agree if it is ever back-ported to earlier versions it needs to be
> disabled by default.
>
My concern is that this feature is not stated by Specification, and by
default I think people should not expect this behaviour from "default"
servlet. Thus I think it should be an opt-in feature.
The files may already exist there for some other reasons. E.g. if an
application uses a framework that implements this feature by itself
independently of Tomcat.
>> (2) Additional access path for ".gz" files, which might be not covered
>> by security constraints
>>
E.g. if "foo.gz" is protected by a constraint and should not be served
directly, it can now be accessed by asking for "foo". It only works
if "foo" exists as well, so unlikely it causes anything, but this is
an additional access path.
>> (3) Interoperability with filters that may preprocess or postprocess
>> the response,
>> including ISE handling in the following lines of DefaultServlet:
>>
>> [[[
>> try {
>> ostream = response.getOutputStream();
>> } catch (IllegalStateException e) {
>> ...
>> writer = response.getWriter();
>> ]]]
>
> I've disabled the fall back for (3).
>
I'd be better to fallback to serving the original resource instead of
failing. I agree that it is a rare case, though.
>
There is also a list of options for DefaultServlet just above its
definition in conf/web.xml. It has not been updated.
>
Looking at how Apache HTTPD deals with this content negotiation feature,
First,
this feature is present by default (mod_negation is compiled in), but
is turned off. To enable it you have to enable it with "Options
MultiViews" directive on specific directory. Note that using "Options
All" does not enable this feature, you have to enable it explicitly.
[1][4]
Second,
Apache HTTPD goes to some length to prevent unwanted caching of these
responses by proxies.
"To prevent this, httpd normally marks all responses that are returned
after content negotiation as non-cacheable by HTTP/1.0 clients" [1]
It is configurable with directive "CacheNegotiatedDocs".
For HTTP/1.1 clients it sends a "Vary" header, such as "Vary:
Accept-Encoding". [1][3].
[1] http://httpd.apache.org/docs/current/content-negotiation.html
[2] http://httpd.apache.org/docs/current/mod/mod_negotiation.html
[3] http://httpd.apache.org/docs/current/mod/mod_deflate.html
[4] http://httpd.apache.org/docs/current/mod/core.html#options
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
