Re: Cache-Control headers not being added to secure requests

hael > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Tuesday, August 23, 2011 12:49 PM > To: Tomcat Users List > Subject: Re: Cache-Control headers not being added to secure requests > > On 23/08/2011 19:09, Zampani, Mi

RE: Cache-Control headers not being added to secure requests

Wonderful! Should I file a bug report for this? It's only a 1 line diff. Thanks, Michael -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, August 23, 2011 12:49 PM To: Tomcat Users List Subject: Re: Cache-Control headers not being added to secure req

Re: Cache-Control headers not being added to secure requests

On 23/08/2011 19:09, Zampani, Michael wrote: > Chris, > > Doesn't the entire securePagesWithPragma flag fail the robustness > principle? It's specifically there to fix caching issues with IE, > similar to the issue we're now seeing. > > I understand how I would create a Filter to do this, but I'

Re: Cache-Control headers not being added to secure requests

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 8/23/2011 2:09 PM, Zampani, Michael wrote: > It seems as though the kernel of logic here is that 'pages with > security-constraints' should have these headers automatically > added. There should be a specific reason to add the additional

RE: Cache-Control headers not being added to secure requests

nt: Tuesday, August 23, 2011 6:48 AM To: Tomcat Users List Subject: Re: Cache-Control headers not being added to secure requests -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 8/22/2011 5:39 PM, Zampani, Michael wrote: > However, I'm still confused about >> - {request.isSec

Re: Cache-Control headers not being added to secure requests

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 8/22/2011 5:39 PM, Zampani, Michael wrote: > However, I'm still confused about >> - {request.isSecure()} means that the headers are only added if >> the request is not secure since responses from secure requests >> must not be cached > >

RE: Cache-Control headers not being added to secure requests

ark Thomas [mailto:ma...@apache.org] Sent: Wednesday, August 17, 2011 12:34 AM To: Tomcat Users List Subject: Re: Cache-Control headers not being added to secure requests On 16/08/2011 22:20, Zampani, Michael wrote: > It was my understanding that the fix for IE was just the > securePagesWithP

Re: Cache-Control headers not being added to secure requests

On 16/08/2011 22:20, Zampani, Michael wrote: > It was my understanding that the fix for IE was just the > securePagesWithPragma change, which changes cache-control:no-cache to > cache-control:private by default. > According to the bug report, this should fix IE downloads even for secure > requ

RE: Cache-Control headers not being added to secure requests

for secure requests, which results in no headers at all. Have I misunderstood something? Thanks, Michael -Original Message- From: Richard Frovarp [mailto:rfrov...@apache.org] Sent: Tuesday, August 16, 2011 2:02 PM To: Tomcat Users List Subject: Re: Cache-Control headers not being added

Re: Cache-Control headers not being added to secure requests

On 08/16/2011 03:57 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 8/16/2011 4:42 PM, Zampani, Michael wrote: I don't understand why it was ever present, though. Does anybody know why you wouldn't want these headers on secure requests? The svn comme

Re: Cache-Control headers not being added to secure requests

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 8/16/2011 4:42 PM, Zampani, Michael wrote: > I don't understand why it was ever present, though. Does anybody > know why you wouldn't want these headers on secure requests? The svn comment says "...to reduce the likelihood of issues whe