GNU bug report logs -
#10147
HTTP "Expires" header should handle non-date values
Previous Next
Reported by: Daniel Hartwig <mandyke <at> gmail.com>
Date: Sun, 27 Nov 2011 10:42:02 UTC
Severity: normal
Tags: patch
Found in version 2.0.3
Done: Andy Wingo <wingo <at> pobox.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
On 22 December 2011 20:35, Andy Wingo <wingo <at> pobox.com> wrote:
>> Not sure precisely what you mean here. Is it something like:
>>
>> (or (false-if-exception (parse-date str))
>> (and (memq str '("0" "-1")) str)
>> date-in-the-past)
>
> More like:
>
> (if (member str '("0" "-1"))
> date-in-the-past
> (parse-date str))
>
> Then we can wait and see -- if only these two values are out there, then
> we are good, and we keep the "validating" characteristic of our date
> parser. Otherwise we can fall back to the false-if-exception dance if
> someone submits a bug report.
A rough check against ~2600 sites scraped from dmoz.org shows only a
handful with other values. These two:
"Mon, 12 Jul 1996 1:00:00 GMT"
^ misses leading `0'
"Thu, 01 Jan 1970 00:00:00 +0000"
^ should be `GMT'
The second (use of `+0000') was also encountered amongst other
date-valued headers in ~1% of pages sampled. There might be a case
here for relaxing `parse-date' as I don't think these should be
handled specifically for "Expires" headers.
There were three more like:
"{ts '2011-12-27 08:12:22'}"
which only appeared for "Expires" headers. They look something like
server directives which should have been transformed to legit
expiration dates but haven't been, due to misconfiguration. In this
case I'd rather throw an error than parse it (wrongly) to
date-in-the-past.
Given those points, I have attached a patch implementing the suggested
handling for "Expires" and will take a look at perhaps relaxing
parse-date (and others). Anyone have ideas on that?
Daniel
[0001-permit-non-date-values-for-Expires-header.patch (text/x-patch, attachment)]
This bug report was last modified 13 years and 186 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.