remm 02/02/27 09:42:58
Modified: catalina/src/share/org/apache/catalina/authenticator Tag:
tomcat_40_branch AuthenticatorBase.java
Log:
- Fix 6641.
- Don't set the cache control headers if the connection is secure.
Revision Changes Path
No revision
No revision
1.23.2.5 +14 -11
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.23.2.4
retrieving revision 1.23.2.5
diff -u -r1.23.2.4 -r1.23.2.5
--- AuthenticatorBase.java 31 Jan 2002 17:47:45 -0000 1.23.2.4
+++ AuthenticatorBase.java 27 Feb 2002 17:42:58 -0000 1.23.2.5
@@ -1,10 +1,10 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.23.2.4 2002/01/31 17:47:45 patrickl Exp $
- * $Revision: 1.23.2.4 $
- * $Date: 2002/01/31 17:47:45 $
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.23.2.4 2002/01/31 17:47:45 patrickl Exp $
- * $Revision: 1.23.2.4 $
- * $Date: 2002/01/31 17:47:45 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.23.2.5 2002/02/27 17:42:58 remm Exp $
+ * $Revision: 1.23.2.5 $
+ * $Date: 2002/02/27 17:42:58 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.23.2.5 2002/02/27 17:42:58 remm Exp $
+ * $Revision: 1.23.2.5 $
+ * $Date: 2002/02/27 17:42:58 $
*
* ====================================================================
*
@@ -124,7 +124,7 @@
* requests. Requests of any other type will simply be passed through.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.23.2.4 $ $Date: 2002/01/31 17:47:45 $
+ * @version $Revision: 1.23.2.5 $ $Date: 2002/02/27 17:42:58 $
*/
@@ -480,10 +480,13 @@
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
- HttpServletResponse sresponse = (HttpServletResponse)response.getResponse();
- sresponse.setHeader("Pragma", "No-cache");
- sresponse.setHeader("Cache-Control", "no-cache");
- sresponse.setDateHeader("Expires", 1);
+ if (!(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
+ HttpServletResponse sresponse =
+ (HttpServletResponse) response.getResponse();
+ sresponse.setHeader("Pragma", "No-cache");
+ sresponse.setHeader("Cache-Control", "no-cache");
+ sresponse.setDateHeader("Expires", 1);
+ }
// Enforce any user data constraint for this security constraint
if (debug >= 1)
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
