Update our HTTP headers
Locked
 
Administrator
|
Hi,
At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a minor OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers I think it's OK to commit, but before I'd like to know if we really want to keep x-ua-compatible in several *.html files. https://stackoverflow.com/questions/26346917/why-use-x-ua-compatible-ie-edge-anymore I ever wonder who uses Windows nowadays (kidding ;)) Jacques |
|
Hi Jacques,
I'm happy to get rid of X-UA-Compatible. Cheers Paul Foxworthy On 18 May 2018 at 23:47, Jacques Le Roux <[hidden email]> wrote: > Hi, > > At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a > minor OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers > > I think it's OK to commit, but before I'd like to know if we really want > to keep x-ua-compatible in several *.html files. > > https://stackoverflow.com/questions/26346917/why-use-x-ua- > compatible-ie-edge-anymore > > I ever wonder who uses Windows nowadays (kidding ;)) > > Jacques > > -- Coherent Software Australia Pty Ltd PO Box 2773 Cheltenham Vic 3192 Australia Phone: +61 3 9585 6788 Web: http://www.coherentsoftware.com.au/ Email: [hidden email]
--
Coherent Software Australia Pty Ltd http://www.coherentsoftware.com.au/ Bonsai ERP, the all-inclusive ERP system http://www.bonsaierp.com.au/ |
|
In reply to this post by Jacques Le Roux
Hi Jacques,
I could be mistaken, but looking at the patch I did not see anything related to x-ua-compatible. Am I looking at the right JIRA 6766? It only has one attachment that sets the Cache-Control flags? On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux <[hidden email]> wrote: > Hi, > > At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a minor > OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers > > I think it's OK to commit, but before I'd like to know if we really want to > keep x-ua-compatible in several *.html files. > > https://stackoverflow.com/questions/26346917/why-use-x-ua-compatible-ie-edge-anymore > > I ever wonder who uses Windows nowadays (kidding ;)) > > Jacques > |
|
Hi Taher,
x-ua-compatible used in html file directly and I think its used only in helpdoc html content, Jacques Comments from task: >>I have attached the OFBIZ-6766-UtilHttp.java.patch and will ask about x-ua-compatible on dev ML before committing Thanks & Regards -- Deepak Dixit www.hotwax.co On Sat, May 19, 2018 at 11:50 PM, Taher Alkhateeb < [hidden email]> wrote: > Hi Jacques, > > I could be mistaken, but looking at the patch I did not see anything > related to x-ua-compatible. Am I looking at the right JIRA 6766? It > only has one attachment that sets the Cache-Control flags? > > On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux > <[hidden email]> wrote: > > Hi, > > > > At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a > minor > > OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers > > > > I think it's OK to commit, but before I'd like to know if we really want > to > > keep x-ua-compatible in several *.html files. > > > > https://stackoverflow.com/questions/26346917/why-use-x- > ua-compatible-ie-edge-anymore > > > > I ever wonder who uses Windows nowadays (kidding ;)) > > > > Jacques > > > |
|
Administrator
|
Hi Deepak,
Right, I missed that apart in helpdoc the others are under build/reports/tests/test and under jQuery So nothing to worry about, I'll commit the patch in one week Jacques Le 20/05/2018 à 10:16, Deepak Dixit a écrit : > Hi Taher, > > x-ua-compatible used in html file directly and I think its used only in > helpdoc html content, > > Jacques Comments from task: >>> I have attached the OFBIZ-6766-UtilHttp.java.patch and will ask about > x-ua-compatible on dev ML before committing > > > > > Thanks & Regards > -- > Deepak Dixit > www.hotwax.co > > On Sat, May 19, 2018 at 11:50 PM, Taher Alkhateeb < > [hidden email]> wrote: > >> Hi Jacques, >> >> I could be mistaken, but looking at the patch I did not see anything >> related to x-ua-compatible. Am I looking at the right JIRA 6766? It >> only has one attachment that sets the Cache-Control flags? >> >> On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux >> <[hidden email]> wrote: >>> Hi, >>> >>> At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a >> minor >>> OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers >>> >>> I think it's OK to commit, but before I'd like to know if we really want >> to >>> keep x-ua-compatible in several *.html files. >>> >>> https://stackoverflow.com/questions/26346917/why-use-x- >> ua-compatible-ie-edge-anymore >>> I ever wonder who uses Windows nowadays (kidding ;)) >>> >>> Jacques >>> |
|
|
Ok so that's why we should generally try to avoid mixing topics
together in the same thread, that's what threw me off into a tangent. HTTP headers setting is a complex topic with lots of details. I think we need a comprehensive source and a discussion on best practices, maybe we should make some of the headers configurable where needed? Now with respect to adding the "Cache-Control", "no-store, no-cache, must-revalidate, private", I'm not very experienced in that area, but wouldn't that affect environments where OFBiz is deployed behind a caching server? Or is this scenario non existent? On Sun, May 20, 2018 at 12:22 PM, Jacques Le Roux <[hidden email]> wrote: > Hi Deepak, > > Right, I missed that apart in helpdoc the others are under > build/reports/tests/test and under jQuery > > So nothing to worry about, I'll commit the patch in one week > > Jacques > > > > Le 20/05/2018 à 10:16, Deepak Dixit a écrit : >> >> Hi Taher, >> >> x-ua-compatible used in html file directly and I think its used only in >> helpdoc html content, >> >> Jacques Comments from task: >>>> >>>> I have attached the OFBIZ-6766-UtilHttp.java.patch and will ask about >> >> x-ua-compatible on dev ML before committing >> >> >> >> >> Thanks & Regards >> -- >> Deepak Dixit >> www.hotwax.co >> >> On Sat, May 19, 2018 at 11:50 PM, Taher Alkhateeb < >> [hidden email]> wrote: >> >>> Hi Jacques, >>> >>> I could be mistaken, but looking at the patch I did not see anything >>> related to x-ua-compatible. Am I looking at the right JIRA 6766? It >>> only has one attachment that sets the Cache-Control flags? >>> >>> On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux >>> <[hidden email]> wrote: >>>> >>>> Hi, >>>> >>>> At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a >>> >>> minor >>>> >>>> OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers >>>> >>>> I think it's OK to commit, but before I'd like to know if we really want >>> >>> to >>>> >>>> keep x-ua-compatible in several *.html files. >>>> >>>> https://stackoverflow.com/questions/26346917/why-use-x- >>> >>> ua-compatible-ie-edge-anymore >>>> >>>> I ever wonder who uses Windows nowadays (kidding ;)) >>>> >>>> Jacques >>>> > |
|
Administrator
|
Le 21/05/2018 à 20:13, Taher Alkhateeb a écrit :
> HTTP headers setting is a complex topic with lots of details. I think > we need a comprehensive source and a discussion on best practices, Does not the special page I created in the wiki help? > maybe we should make some of the headers configurable where needed? Yes why not, we can use the current values as default. They are set to guarantee security. The only one which can be defaulted (but to only report) is a CSP policy. Because it depends on users needs. > Now with respect to adding the "Cache-Control", "no-store, no-cache, > must-revalidate, private", I'm not very experienced in that area, but > wouldn't that affect environments where OFBiz is deployed behind a > caching server? Or is this scenario non existent? The idea with private is to prevent the proxy (aka caching server I guess) to cache something it should not. Please refer to the documentation in the commit Jacques > > On Sun, May 20, 2018 at 12:22 PM, Jacques Le Roux > <[hidden email]> wrote: >> Hi Deepak, >> >> Right, I missed that apart in helpdoc the others are under >> build/reports/tests/test and under jQuery >> >> So nothing to worry about, I'll commit the patch in one week >> >> Jacques >> >> >> >> Le 20/05/2018 à 10:16, Deepak Dixit a écrit : >>> Hi Taher, >>> >>> x-ua-compatible used in html file directly and I think its used only in >>> helpdoc html content, >>> >>> Jacques Comments from task: >>>>> I have attached the OFBIZ-6766-UtilHttp.java.patch and will ask about >>> x-ua-compatible on dev ML before committing >>> >>> >>> >>> >>> Thanks & Regards >>> -- >>> Deepak Dixit >>> www.hotwax.co >>> >>> On Sat, May 19, 2018 at 11:50 PM, Taher Alkhateeb < >>> [hidden email]> wrote: >>> >>>> Hi Jacques, >>>> >>>> I could be mistaken, but looking at the patch I did not see anything >>>> related to x-ua-compatible. Am I looking at the right JIRA 6766? It >>>> only has one attachment that sets the Cache-Control flags? >>>> >>>> On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux >>>> <[hidden email]> wrote: >>>>> Hi, >>>>> >>>>> At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a >>>> minor >>>>> OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers >>>>> >>>>> I think it's OK to commit, but before I'd like to know if we really want >>>> to >>>>> keep x-ua-compatible in several *.html files. >>>>> >>>>> https://stackoverflow.com/questions/26346917/why-use-x- >>>> ua-compatible-ie-edge-anymore >>>>> I ever wonder who uses Windows nowadays (kidding ;)) >>>>> >>>>> Jacques >>>>> |
|
|
There are at least 4 links and many comments in the JIRA, I'm not sure
which one are you referring to. Anyway, it sounds correct because it is utilized from the function "setResponseBrowserProxyNoCache(...)" So I think it looks fine. Good job with the research. IE continues to cause so much headache. +1 On Wed, May 23, 2018 at 1:03 PM, Jacques Le Roux <[hidden email]> wrote: > Le 21/05/2018 à 20:13, Taher Alkhateeb a écrit : >> >> HTTP headers setting is a complex topic with lots of details. I think >> we need a comprehensive source and a discussion on best practices, > > Does not the special page I created in the wiki help? > >> maybe we should make some of the headers configurable where needed? > > Yes why not, we can use the current values as default. They are set to > guarantee security. The only one which can be defaulted (but to only report) > is a CSP policy. Because it depends on users needs. > >> Now with respect to adding the "Cache-Control", "no-store, no-cache, >> must-revalidate, private", I'm not very experienced in that area, but >> wouldn't that affect environments where OFBiz is deployed behind a >> caching server? Or is this scenario non existent? > > The idea with private is to prevent the proxy (aka caching server I guess) > to cache something it should not. Please refer to the documentation in the > commit > > Jacques > >> >> On Sun, May 20, 2018 at 12:22 PM, Jacques Le Roux >> <[hidden email]> wrote: >>> >>> Hi Deepak, >>> >>> Right, I missed that apart in helpdoc the others are under >>> build/reports/tests/test and under jQuery >>> >>> So nothing to worry about, I'll commit the patch in one week >>> >>> Jacques >>> >>> >>> >>> Le 20/05/2018 à 10:16, Deepak Dixit a écrit : >>>> >>>> Hi Taher, >>>> >>>> x-ua-compatible used in html file directly and I think its used only in >>>> helpdoc html content, >>>> >>>> Jacques Comments from task: >>>>>> >>>>>> I have attached the OFBIZ-6766-UtilHttp.java.patch and will ask about >>>> >>>> x-ua-compatible on dev ML before committing >>>> >>>> >>>> >>>> >>>> Thanks & Regards >>>> -- >>>> Deepak Dixit >>>> www.hotwax.co >>>> >>>> On Sat, May 19, 2018 at 11:50 PM, Taher Alkhateeb < >>>> [hidden email]> wrote: >>>> >>>>> Hi Jacques, >>>>> >>>>> I could be mistaken, but looking at the patch I did not see anything >>>>> related to x-ua-compatible. Am I looking at the right JIRA 6766? It >>>>> only has one attachment that sets the Cache-Control flags? >>>>> >>>>> On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux >>>>> <[hidden email]> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a >>>>> >>>>> minor >>>>>> >>>>>> OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers >>>>>> >>>>>> I think it's OK to commit, but before I'd like to know if we really >>>>>> want >>>>> >>>>> to >>>>>> >>>>>> keep x-ua-compatible in several *.html files. >>>>>> >>>>>> https://stackoverflow.com/questions/26346917/why-use-x- >>>>> >>>>> ua-compatible-ie-edge-anymore >>>>>> >>>>>> I ever wonder who uses Windows nowadays (kidding ;)) >>>>>> >>>>>> Jacques >>>>>> > |
|
Administrator
|
It's not related to IE, finally we have not problems with x-ua-compatible
Private is well explained in the 2 1st links. Jacques Le 23/05/2018 à 15:07, Taher Alkhateeb a écrit : > There are at least 4 links and many comments in the JIRA, I'm not sure > which one are you referring to. Anyway, it sounds correct because it > is utilized from the function "setResponseBrowserProxyNoCache(...)" > > So I think it looks fine. Good job with the research. IE continues to > cause so much headache. > > +1 > > On Wed, May 23, 2018 at 1:03 PM, Jacques Le Roux > <[hidden email]> wrote: >> Le 21/05/2018 à 20:13, Taher Alkhateeb a écrit : >>> HTTP headers setting is a complex topic with lots of details. I think >>> we need a comprehensive source and a discussion on best practices, >> Does not the special page I created in the wiki help? >> >>> maybe we should make some of the headers configurable where needed? >> Yes why not, we can use the current values as default. They are set to >> guarantee security. The only one which can be defaulted (but to only report) >> is a CSP policy. Because it depends on users needs. >> >>> Now with respect to adding the "Cache-Control", "no-store, no-cache, >>> must-revalidate, private", I'm not very experienced in that area, but >>> wouldn't that affect environments where OFBiz is deployed behind a >>> caching server? Or is this scenario non existent? >> The idea with private is to prevent the proxy (aka caching server I guess) >> to cache something it should not. Please refer to the documentation in the >> commit >> >> Jacques >> >>> On Sun, May 20, 2018 at 12:22 PM, Jacques Le Roux >>> <[hidden email]> wrote: >>>> Hi Deepak, >>>> >>>> Right, I missed that apart in helpdoc the others are under >>>> build/reports/tests/test and under jQuery >>>> >>>> So nothing to worry about, I'll commit the patch in one week >>>> >>>> Jacques >>>> >>>> >>>> >>>> Le 20/05/2018 à 10:16, Deepak Dixit a écrit : >>>>> Hi Taher, >>>>> >>>>> x-ua-compatible used in html file directly and I think its used only in >>>>> helpdoc html content, >>>>> >>>>> Jacques Comments from task: >>>>>>> I have attached the OFBIZ-6766-UtilHttp.java.patch and will ask about >>>>> x-ua-compatible on dev ML before committing >>>>> >>>>> >>>>> >>>>> >>>>> Thanks & Regards >>>>> -- >>>>> Deepak Dixit >>>>> www.hotwax.co >>>>> >>>>> On Sat, May 19, 2018 at 11:50 PM, Taher Alkhateeb < >>>>> [hidden email]> wrote: >>>>> >>>>>> Hi Jacques, >>>>>> >>>>>> I could be mistaken, but looking at the patch I did not see anything >>>>>> related to x-ua-compatible. Am I looking at the right JIRA 6766? It >>>>>> only has one attachment that sets the Cache-Control flags? >>>>>> >>>>>> On Fri, May 18, 2018 at 4:47 PM, Jacques Le Roux >>>>>> <[hidden email]> wrote: >>>>>>> Hi, >>>>>>> >>>>>>> At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a >>>>>> minor >>>>>>> OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers >>>>>>> >>>>>>> I think it's OK to commit, but before I'd like to know if we really >>>>>>> want >>>>>> to >>>>>>> keep x-ua-compatible in several *.html files. >>>>>>> >>>>>>> https://stackoverflow.com/questions/26346917/why-use-x- >>>>>> ua-compatible-ie-edge-anymore >>>>>>> I ever wonder who uses Windows nowadays (kidding ;)) >>>>>>> >>>>>>> Jacques >>>>>>> |
|
Administrator
|
In reply to this post by Jacques Le Roux
Committed at r1832128
Jacques Le 18/05/2018 à 15:47, Jacques Le Roux a écrit : > Hi, > > At https://issues.apache.org/jira/browse/OFBIZ-6766 I have attached a minor OFBIZ-6766-UtilHttp.java.patch for updating our HTTP headers > > I think it's OK to commit, but before I'd like to know if we really want to keep x-ua-compatible in several *.html files. > > https://stackoverflow.com/questions/26346917/why-use-x-ua-compatible-ie-edge-anymore > > I ever wonder who uses Windows nowadays (kidding ;)) > > Jacques > > |
«
Return to OFBiz - Dev
|
1 view|%1 views
| Free forum by Nabble | Edit this page |