Mark Nottingham wrote:
Sorry to be blunt, but shouldn't these sites be securing themselves?
Having Squid strip this header hardly closes any significant attack
vectors off... and doing so creates yet another special case for people
to work around.
-1 on Translate (default strip; registering i
Sorry to be blunt, but shouldn't these sites be securing themselves?
Having Squid strip this header hardly closes any significant attack
vectors off... and doing so creates yet another special case for
people to work around.
-1 on Translate (default strip; registering it, I suppose, althoug
Kinkie wrote:
On Mon, May 18, 2009 at 1:05 PM, Amos Jeffries wrote:
Both of these are non-standard headers created by microsoft.
These are both weird ones. We seem to need them, but only because they need
to be stripped away in certain circumstances.
The Translate: header is the trickiest. Af
On Mon, May 18, 2009 at 1:05 PM, Amos Jeffries wrote:
> Both of these are non-standard headers created by microsoft.
>
> These are both weird ones. We seem to need them, but only because they need
> to be stripped away in certain circumstances.
>
> The Translate: header is the trickiest. After rea
Both of these are non-standard headers created by microsoft.
These are both weird ones. We seem to need them, but only because they
need to be stripped away in certain circumstances.
The Translate: header is the trickiest. After reading the docs it
appears we should be always stripping it awa
