On Mon, Dec 31, 2001 at 01:10:22PM +0100, Marc A. Lehmann wrote:
> On Tue, Dec 25, 2001 at 02:05:19PM +0300, "Alexander V. Lukyanov" <[EMAIL PROTECTED]> wrote:
> > It seems I did not read RFC well enough. The attached patch should fix it
> > (untested yet - I have to work over proxy).
> 
> Doh'. Anyways, it seems to work (and is simple enough ;). Is there a way

Thanks for testing it!

> to make lftp send http/1.0-requests? if yes, then the patch might be
> wrong, as a http/1.1-version in a response to a http/1.0 request is not
> indicating a http/1.1 response.

There is no option yet to make lftp send pure http/1.0 requests. But it sends
all headers needed for 1.0 compatibility.

> > > (sidenote: the Referer:-header above is broken, as this was the first
> > > request so no referer exists).
> > 
> > lftp simply sends the current directory as Referer. It is possible to send
> > an arbitrary string using the http:referer setting.
> 
> I mentioned this because this is a violation of a very clear MUST NOT:
> 
>    The Referer field MUST NOT be sent if the Request-URI was obtained from
>    a source that does not have its own URI, such as input from the user
>    keyboard.
> 
> It's also a bad thing to do by default.

Ok, I'll change the default. lftp won't send Referer, because it was not
designed to keep the source of Request-URI.

Somebody has told me that some server refused to work properly if there was
no Referer header, even a faked one; that's why lftp sent the Referer header
by default.

-- 
   Alexander.                      | http://www.yars.free.net/~lav/  
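
The Referer rule quoted in this thread, as an added example that is not lftp's code and not part of the original messages: a client that records where each Request-URI came from and omits Referer when that source has no URI of its own. The names `referer_for` and `build_request` and the example.org URIs are constructed for illustration; the extra checks (dropping userinfo and fragment, no Referer from https to http, and treating non-HTTP sources such as local paths as having no sendable URI) go beyond the quoted text and follow RFC 2616 section 15.1.3 and RFC 7231 section 5.5.2, with the last one being this example's own conservative choice.

```python
from urllib.parse import urlsplit, urlunsplit


def _hostport(u):
    """host[:port] without userinfo, so credentials never reach a header."""
    host = u.hostname or ""
    if ":" in host:                      # IPv6 literal needs brackets
        host = "[" + host + "]"
    return host if u.port is None else "%s:%d" % (host, u.port)


def referer_for(request_uri, source_uri=None):
    """Return the Referer value to send, or None to omit the header.

    source_uri is the URI of the resource the Request-URI was obtained
    from. None means it was typed by the user or given on the command
    line, which is the MUST NOT case quoted in the thread.
    """
    if source_uri is None:
        return None
    src, dst = urlsplit(source_uri), urlsplit(request_uri)
    # Assumption of this example: only http(s) sources are ever disclosed,
    # so a local path or file: URI is treated like "no source".
    if src.scheme not in ("http", "https") or not src.hostname:
        return None
    # RFC 2616 15.1.3: no Referer on a non-secure request when the
    # referring resource was fetched over a secure protocol.
    if src.scheme == "https" and dst.scheme != "https":
        return None
    # RFC 7231 5.5.2: strip userinfo and fragment from the value.
    return urlunsplit((src.scheme, _hostport(src), src.path or "/",
                       src.query, ""))


def build_request(request_uri, source_uri=None, version="HTTP/1.1"):
    """Build a minimal GET request; Referer appears only when allowed."""
    u = urlsplit(request_uri)
    target = (u.path or "/") + ("?" + u.query if u.query else "")
    lines = ["GET %s %s" % (target, version), "Host: " + _hostport(u)]
    ref = referer_for(request_uri, source_uri)
    if ref is not None:
        lines.append("Referer: " + ref)
    return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    # First request of a session: URI came from the keyboard, no Referer.
    print(build_request("http://example.org/pub/"))
    # Follow-up request: URI was taken from the listing fetched above.
    print(build_request("http://example.org/pub/file.tar.gz",
                        "http://example.org/pub/"))
```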
