This changes the default behaviour of deny_info redirects. Making Squid
automaticaly select 307 or 303 status code where appropriate for HTTP/1.1
clients and 302 for HTTP/1.0 clients or other appropriate cases.
For example;
deny_info 303:http://example.com/ POST
On top of the behaviour change this patch adds capability for admin to
configure deny_info with explicit status codes ranging from 200 to 599.
There are limits placed on the use of each range of status codes:
* 2xx, 4xx and 5xx may only be set when there is a local file or template
being used as body content on the response.
* 3xx status may only be set when there is a URI being used as a redirect
destination.
These limitations are enforced with a configuration hard abort due to:
3xx with a named template and 4xx/5xx with a redirect break with a range
of horrible results to our file loading and output Location: URLs. My
tests ended up with Squid scanning the FS for local files called
http://blah, redirecting the browser to 404:ERR_ACCESS_DENIED, or getting
past those with zero-sized replies and crashes when err is required to
have length.
They are going to take something much more major logic re-plumbing and
maybe deeper cleanup to get the crossover down to safe enough for just a
warning. Given the RFC defined use of each status range I did not think
it worth doing to enable something on the fine edge of non-standard.
projects / thirdparty / squid.git / commit
