Thomas Ã…kesson wrote on Thu, Nov 08, 2012 at 15:15:03 +0100:
>
> On 5 nov 2012, at 09:11, Branko ÄŒibej wrote:
>
> > On 05.11.2012 00:21, Thomas Ã…kesson wrote:
> >> I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in situations where GET is not (e.g. when user has access in directories below).
> >>
> >> The HEAD requests I performed (minimal curl command) did not cause the server to provide Content-Length when returning "200 OK".
> >
> > Which is precisely what I was talking about in my other post. Such HEAD
> > responses are invalid. If we implement HEAD, we have to do it correctly.
>
> Right, I was just confirming that.
>
> I think this is approaching off-topic for this thread. The server
> (mod_dav_svn) currently does respond to HEAD requests without
> Content-Length, which appears to be invalid. Perhaps a separate
> issue/thread should discuss whether the HEAD response should be
> changed to conform with the specification.
>
We could also add Content-Length if it's not required but cheap to
compute. (svn_fs_file_length())
> On-topic, looking at the HTTP RFC, the HEAD request makes a lot of
> sense for access control purposes and that gives the server a chance
> to optimize the response even if, worst case, only the response
> bandwidth would be gained.
>
> /Thomas Ã….
>
Received on 2012-11-08 17:43:14 CET