[
https://issues.apache.org/jira/browse/SHINDIG-226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12594120#action_12594120
]
Kevin Brown commented on SHINDIG-226:
-------------------------------------
The third format is never present in Expires headers, because both HTTP 1.0 and
HTTP 1.1 forbid it. The recommendation in 3.3.1 refers to general date formats.
Under absolutely no circumstances would the items it references ever apply
here, because using the http client to access non-http protocols would be a
security hole.
The second format is also probably irrelevant since HTTP 1.1 forbids it and
HTTP 1.0 discourages it (and in practice, finding an HTTP 1.0 server that uses
this format that was written in the last 10 years is difficult anyway; the lack
of a 4 digit year presents a different breed of problem entirely).
So, for this patch to be correct, only the second format should be applied in
addition to the first, and only when the connection is HTTP 1.0.
> Expires date should respect the format given by rfc2616-sec3#sec3.3.1
> ---------------------------------------------------------------------
>
> Key: SHINDIG-226
> URL: https://issues.apache.org/jira/browse/SHINDIG-226
> Project: Shindig
> Issue Type: Bug
> Components: Gadget Rendering Server (Java)
> Reporter: Vincent Siveton
> Attachments: SHINDIG-226.patch
>
>
> The actual DateFormat implementation in BasicContentCache doesn't respect
> formats defined in [1]. According [2], it should.
> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3.1
> [2] http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
