matthijskooijman
commented
3 years ago I've squashed the commits and rebased on top of master, will merge next.
Closed RoukePouw closed 3 years ago
matthijskooijman
commented
3 years ago I've squashed the commits and rebased on top of master, will merge next.
This is apparently some implementation-specific header related to caching in some implementations.
Pragme: no-cacheis standard, but other values are implementation-defined.https://stackoverflow.com/questions/1920781/what-does-the-http-header-pragma-public-mean
This is apparently a workaround for a bug in Netscape, fixed 24 years ago, but the header still lingered in Apache for quite a while. https://stackoverflow.com/questions/8711584/x-pad-avoid-browser-bug-header-added-by-apache https://github.com/mnot/redbot/issues/229
This prevents using cached resources without first validating them. I'd think this is not really needed, since the browser is free to validate partial responses, just like complete responses. However, it seems that Apache (or PHP) actually adds
Cache-Control: no-store(which disallows all caching) on all responses by default, so I guess this header is intended to actually allow some caching. However, since we support no way of validation (If-modified-SinceorEtagheaders),no-cacheeffectively prevents all caching, which doesn't seem particularly useful. So just setting this topublicwith amax-ageof 24h is probably better.So, I've removed
X-padand updated the cache heades. I've also removed theContent-Dispositionheader, since that primarily sets the filename, but the browser can already just derive the filename from the URL. And I added a TODO about Apache'sX-Sendfileheader, to be looked at later.With this, I think the code is ready to be tested, and if it works as expected, merged (after squashing).