After a long discussion in dev@ I reviewed my previous commit to only warn (ea64e031) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Commit ea64e031 authored Aug 26, 2016 by

Luca Toscano

After a long discussion in dev@ I reviewed my previous commit to only warn

the admins about Last-Modified header violations rather than trying
to interpret datestrings (like the ones not in GMT).

I also added explicit comments to summarize the current assumptions,
so it will be easier for somebody in the future to modify the code.

The following use cases are covered:
1) (F)CGI backend sends a Last-Modified header not in GMT and considered in the future by httpd (like now() in the EU/Paris timezone)
2) (F)CGI backend sends a Last-Modified header not in GMT and not considered in the future by httpd (like now() + 2 hours in the PST timezone)
3) (F)CGI backend sends a Last-Modified header in GMT but with a datetime in the future

Suggestions and opinion are really welcome.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757818 13f79535-47bb-0310-9956-ffa450edef68

parent f481a0da

Hide whitespace changes

Inline Side-by-side

Please register or to comment