如何说服Firefox(3.0.1,如果重要的话)在HTTPS请求中发送If-Modified-Since标头?如果请求使用普通HTTP并且我的服务器尽职地尊重它,它会发送标头.但是当我使用HTTPS从同一服务器请求相同的资源时(即,只需将URL中的http://更改为https://),Firefox根本不会发送If-Modified-Since标头.这种行为是SSL规范要求的吗?
下面是一些示例HTTP和HTTPS请求/响应对,使用Live HTTP Headers Firefox扩展来提取,但有一些粗体差异:
HTTP请求/响应:
http://myserver.com:30000/scripts/site.js GET /scripts/site.js HTTP/1.1 Host: myserver.com:30000 User-Agent: Mozilla/5.0 (...) Gecko/2008070206 Firefox/3.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive If-Modified-Since: Tue, 19 Aug 2008 15:57:30 GMT If-None-Match: "a0501d1-300a-454d22526ae80"-gzip Cache-Control: max-age=0 HTTP/1.x 304 Not Modified Date: Tue, 19 Aug 2008 15:59:23 GMT Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8 Connection: Keep-Alive Keep-Alive: timeout=5, max=99 Etag: "a0501d1-300a-454d22526ae80"-gzip
HTTPS请求/响应:
https://myserver.com:30001/scripts/site.js GET /scripts/site.js HTTP/1.1 Host: myserver.com:30001 User-Agent: Mozilla/5.0 (...) Gecko/2008070206 Firefox/3.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive HTTP/1.x 200 OK Date: Tue, 19 Aug 2008 16:00:14 GMT Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8 Last-Modified: Tue, 19 Aug 2008 15:57:30 GMT Etag: "a0501d1-300a-454d22526ae80"-gzip Accept-Ranges: bytes Content-Encoding: gzip Content-Length: 3766 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/javascript
更新:设置browser.cache.disk_cache_ssl为true做了诀窍(这很奇怪,因为正如Nickolay指出的那样,仍有内存缓存).在响应中添加"Cache-control:public"标头也有效.谢谢!
HTTPS请求不会被缓存,因此发送If-Modified-Since没有任何意义.不缓存是一种安全预防措施.
磁盘上的非缓存是一种安全预防措施,但它似乎确实影响了If-Modified-Since行为(瞥了一眼代码).
尝试将Firefox首选项(在about:config中)设置为browser.cache.disk_cache_ssl为true.如果这有帮助,请尝试在响应中发送Cache-Control:public标头.
更新: Gecko 2.0(Firefox 4)的Firefox行为已更改 - 现在缓存了HTTPS内容.
京公网安备 11010802040832号 | 京ICP备19059560号-6 