Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-13044

Expires header violates RFC 2616

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-RC3
    • Fix Version/s: 3.1.0-RC4
    • Component/s: None
    • Labels:
      None

      Description

      phpBB3 sends the Expires header with a value of 0 which violates http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21

        Activity

        Hide
        Joe User Joe User added a comment -

        Created patch

        Show
        Joe User Joe User added a comment - Created patch
        Hide
        Joe User Joe User added a comment -

        Corrected patch

        Show
        Joe User Joe User added a comment - Corrected patch
        Hide
        nickvergessen Joas Schilling added a comment - - edited

        From the link you posted:

        HTTP/1.1 clients and caches MUST treat other invalid date formats, especially including the value "0", as in the past (i.e., "already expired").

        So I guess it'd known, but we could/should still fix this.

        Show
        nickvergessen Joas Schilling added a comment - - edited From the link you posted: HTTP/1.1 clients and caches MUST treat other invalid date formats, especially including the value "0", as in the past (i.e., "already expired"). So I guess it'd known, but we could/should still fix this.
        Hide
        bantu Andreas Fischer added a comment -

        I would suggest to reject this patch if the new implementation does not have any benefits over the existing implementation (which seems to be the case).

        Show
        bantu Andreas Fischer added a comment - I would suggest to reject this patch if the new implementation does not have any benefits over the existing implementation (which seems to be the case).
        Hide
        Joe User Joe User added a comment -

        The RFC defines the header as a date and nothing else. Sending something else than a date violates the RFC even when clients must treat other values as "already expired".

        So do it right and get closer to RFC conformance instead of doing it wrong and hoping all the rest of the world does it right.

        RFCs are standards and it is always bad to violate them.

        Small patch, apply it, thanks.

        Show
        Joe User Joe User added a comment - The RFC defines the header as a date and nothing else. Sending something else than a date violates the RFC even when clients must treat other values as "already expired". So do it right and get closer to RFC conformance instead of doing it wrong and hoping all the rest of the world does it right. RFCs are standards and it is always bad to violate them. Small patch, apply it, thanks.
        Hide
        bantu Andreas Fischer added a comment -

        I am convinced.

        Show
        bantu Andreas Fischer added a comment - I am convinced.

          People

          • Assignee:
            nickvergessen Joas Schilling
            Reporter:
            Joe User Joe User
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development