Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.977
diff -u -9 -p -r1.977 user.module
--- modules/user/user.module	20 Apr 2009 04:41:35 -0000	1.977
+++ modules/user/user.module	22 Apr 2009 20:12:24 -0000
@@ -808,19 +808,19 @@ function user_perm() {
 
 /**
  * Implementation of hook_file_download().
  *
  * Ensure that user pictures (avatars) are always downloadable.
  */
 function user_file_download($filepath) {
   if (strpos($filepath, variable_get('user_picture_path', 'pictures') . '/picture-') === 0) {
     $info = image_get_info(file_create_path($filepath));
-    return array('Content-type: ' . $info['mime_type']);
+    return array('Content-Type' => $info['mime_type']);
   }
 }
 
 /**
  * Implementation of hook_file_references().
  */
 function user_file_references($file) {
   // Determine if the file is used by this module.
   $count = db_query('SELECT COUNT(*) FROM {users} WHERE picture = :fid', array(':fid' => $file->fid))->fetchField();
Index: modules/upload/upload.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/upload/upload.module,v
retrieving revision 1.232
diff -u -9 -p -r1.232 upload.module
--- modules/upload/upload.module	11 Apr 2009 22:19:45 -0000	1.232
+++ modules/upload/upload.module	22 Apr 2009 20:12:24 -0000
@@ -150,20 +150,20 @@ function _upload_file_limits($user) {
 /**
  * Implementation of hook_file_download().
  */
 function upload_file_download($filepath) {
   $filepath = file_create_path($filepath);
   $file = db_query("SELECT f.*, u.nid FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = :path", array(':path' => $filepath))->fetchObject();
 
   if ($file && user_access('view uploaded files') && ($node = node_load($file->nid)) && node_access('view', $node)) {
     return array(
-      'Content-Type: ' . $file->filemime,
-      'Content-Length: ' . $file->filesize,
+      'Content-Type' => $file->filemime,
+      'Content-Length' => $file->filesize,
     );
   }
   else {
     return -1;
   }
 }
 
 /**
  * Save new uploads and store them in the session to be associated to the node
Index: modules/system/system.api.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.api.php,v
retrieving revision 1.27
diff -u -9 -p -r1.27 system.api.php
--- modules/system/system.api.php	21 Apr 2009 05:07:08 -0000	1.27
+++ modules/system/system.api.php	22 Apr 2009 20:12:24 -0000
@@ -1243,20 +1243,20 @@ function hook_file_delete($file) {
 function hook_file_download($filepath) {
   // Check if the file is controlled by the current module.
   $filepath = file_create_path($filepath);
   $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
   if ($file = db_fetch_object($result)) {
     if (!user_access('view uploaded files')) {
       return -1;
     }
     return array(
-      'Content-Type: ' . $file->filemime,
-      'Content-Length: ' . $file->filesize,
+      'Content-Type' => $file->filemime,
+      'Content-Length' => $file->filesize,
     );
   }
 }
 
 /**
  * Check installation requirements and do status reporting.
  *
  * This hook has two closely related uses, determined by the $phase argument:
  * checking installation requirements ($phase == 'install')
Index: sites/default/default.settings.php
===================================================================
RCS file: /cvs/drupal/drupal/sites/default/default.settings.php,v
retrieving revision 1.23
diff -u -9 -p -r1.23 default.settings.php
--- sites/default/default.settings.php	19 Apr 2009 19:10:08 -0000	1.23
+++ sites/default/default.settings.php	22 Apr 2009 20:12:24 -0000
@@ -270,18 +270,37 @@ $conf = array(
  * in the X-Forwarded-For headers only if Remote IP address is one of
  * these, that is the request reaches the web server from one of your
  * reverse proxies. Otherwise, the client could directly connect to
  * your web server spoofing the X-Forwarded-For headers.
  */
 #   'reverse_proxy_addresses' => array('a.b.c.d', ...), // Leave the comma here.
 );
 
 /**
+ * Page caching:
+ *
+ * By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page
+ * views. This tells a HTTP proxy that it may return a page from its local
+ * cache without contacting the web server, if the user sends the same Cookie
+ * header as the user who originally requested the cached page. Without "Vary:
+ * Cookie", authenticated users would also be served the anonymous page from
+ * the cache. If the site has mostly anonymous users except a few known
+ * editors/administrators, the Vary header can be omitted. This allows for
+ * better caching in HTTP proxies (including reverse proxies), i.e. even if
+ * clients send different cookies, they still get content served from the cache
+ * if aggressive caching is enabled and the minimum cache time is non-zero.
+ * However, authenticated users should access the site directly (i.e. not use an
+ * HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid
+ * getting cached pages from the proxy.
+ */
+# $conf['omit_vary_cookie'] = TRUE;
+
+/**
  * String overrides:
  *
  * To override specific strings on your site with or without enabling locale
  * module, add an entry to this list. This functionality allows you to change
  * a small number of your site's default English language interface strings.
  *
  * Remove the leading hash signs to enable.
  */
 # $conf['locale_custom_strings_en'] = array(