ZF-11776: ZF-9799 undoes ZF-5890 and breaks AMF for Internet Explorer 5 - 8


The changes in ZF-9799 undid the changes from ZF-5890 which breaks AMF in Internet Explorer versions 5.01 - 8, at least when SSL is used.

Cf. http://support.microsoft.com/kb/323308/en-us


ZF-9799 breaks what ZF-5890 fixed.

Can you detail what exactly we need to test for? It looks like we need to look for an IE user agent, and, if detected, send the following header:

Cache-Control: cache, must-revalidate

instead of:

Cache-Control: no-cache, must-revalidate

Does that sound right?

Looks about right, but probably needs Pragma: public, too. (At least that's what the state was before ZF-9799.)

Our current workaround is to filter out Cache-Control and Pragma headers from our backend servers, so they're not passed to the client, and that works for us. However, since the original change in ZF-5890 set those headers explicitly, it might be best to just return to that status quo ante.

I don't have all Internet Explorer versions available to test, but going from the Microsoft knowledgebase entry, you'd need to check for IE user-agent with version between 5 and 8. According to Microsoft, newer versions than that are not affected.

I've looked at the diffs for the two linked issues, as well as the MSDN article, and determined how to branch the headers. I'm now detecting IE over SSL, and sending different Cache-Control and Pragma headers when detected. Fix is in trunk and the 1.11 release branch.

I just installed Zend Framework Minimal 1.11.11 and I got an error message : "PHP Notice: Undefined index: HTTPS in XXXX\Zend\Amf\Response\Http.php on line 59" while using some AMF stuff.

In PHP, the proper way to test if a variable exists is with isset().

So, the two lines: $ssl = $_SERVER['HTTPS']; and $ua = $_SERVER['HTTP_USER_AGENT']; must be changed to: $ssl = ( isset($_SERVER['HTTPS'])===true ? $_SERVER['HTTPS'] : false ); and $ua = ( isset($_SERVER['HTTP_USER_AGENT'])===true ? $_SERVER['HTTP_USER_AGENT'] : false );

@HelloWorld: That issue has been fixed in trunk (see ZF-11783) and will be included in next mini-release.