On 05.11.2012 12:02, Mark Phippard wrote:
> On Nov 5, 2012, at 3:11 AM, Branko Čibej <brane_at_wandisco.com> wrote:
>
>> On 05.11.2012 00:21, Thomas Åkesson wrote:
>>> I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in situations where GET is not (e.g. when user has access in directories below).
>>>
>>> The HEAD requests I performed (minimal curl command) did not cause the server to provide Content-Length when returning "200 OK".
>> Which is precisely what I was talking about in my other post. Such HEAD
>> responses are invalid. If we implement HEAD, we have to do it correctly.
> I thought that Serf already issues HEAD requests? Not sure about Neon.
It might do. But the problem is server-side, not client-side. I suspect
we're intentionally busting the HEAD response to save CPU cycles on the
server.
-- Brane
Received on 2012-11-05 12:07:28 CET