Thanks Justin for clarifying. On 10 nov 2012, at 12:54, Justin Erenkrantz wrote: > On Sat, Nov 10, 2012 at 6:49 AM, Justin Erenkrantz <jus...@erenkrantz.com> > wrote: > There is a C-L header...so, I don't know what the original poster is seeing, > but we're already doing the right thing... -- justin > > I bet the OP is trying to do HEAD on a directory as there was talk elsethread > about trying to discover ACLs on a directories...that's not going to generate > a C-L.
I am not sure if Original Poster refers to Branko (who raised concerns about using HEAD requests for ACLs) or myself who did some tests in response to that concern. Yes, we are doing HEAD on directories since that's the situation where we were considering doing HEAD rather than GET requests. > And, C-L is not meaningful in anyway on directories - only actual resources. > mod_autoindex doesn't do it either: > > ... > > (The only way to generate the C-L would be to run through the > response...which we don't do for HEAD.) I suppose this means that it would be a significant optimization to perform HEAD rather than GET when discovering ACLs for every subdirectory in a directory listing? Branko's concern is still interesting... because this behaviour (omitting CL for HEAD requests) does seem to violate the HTTP RFC, but for good reason. Given that mod_autoindex as well as mod_php (at least on the config I tested) also omits CL for HEAD I suppose it is a well accepted optimization in practice. Thanks, Thomas Å.
