On 18 April 2011 19:36, Tres Seaver <tsea...@palladion.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/18/2011 12:01 PM, Laurence Rowe wrote: >> When using response.appendHeader, Zope appends the new value following >> an ",\r\n\t" which splits the header over multiple lines. While this >> behaviour is standards compliant, it causes problems for both Varnish >> [1] and Nginx [2] which may then mangle the header value. >> >> In fact the HTTP 1.0 spec notes that splitting over multiple lines in >> not recommended [3], though the HTTP 1.1 spec does not mention this >> explicitly, though it does say [4]: >> "Applications ought to follow "common form", where one is known or >> indicated, when generating HTTP constructs, since there might exist >> some implementations that fail to accept anything" >> >> Are there any objections to me applying the attached patch to Zope >> 2.13 and trunk? > > +0. We likely need to test that your patch doesn't break stuff on other > maybe-not-compliant servers (older Apache, IIS).
I don't think there is any risk of this. Plone's CacheFu has always generated the Cache-Control header as a single line, e.g. "Cache-Control:max-age=0, s-maxage=0, must-revalidate" and that has never caused a problem. The problem only rarely shows up because appendHeader is very rarely called, normally setHeader is used. In fact the only usage of it I could find of appendHeader in my egg cache or the entire Zope2 / Plone is in ZPublisher.HTTPResponse where it is called when gzipping the response (to add 'Accept-Encoding' to the Vary). Even then, it only causes a mulit-line header to be generated when you've already set Vary to something else (for instance Accept-Language.) For servers acting as pure proxies, the header value is opaque, so there is no risk. The only possible way a problem could arise is if they interpret the value in the header. Given that the only time this ever happens is with the Vary header, then only caching proxy servers need worry us. Given that they already cope just fine with the usual ", " delimited list of values in the Cache-Control header, I don't think compatibility issues need worry us here. Laurence _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )