At the moment (with the default settings), Tomcat 4.1.x and higher add HTTP
headers to non-SSL protected pages to prevent intermediate proxies from
caching them. According to the HTTP/1.1 RFC (and even the HTTP/1.0 RFC),
POSTed pages are not allowed to be cached by proxies (for the obvious
reasons). I'd like to add request.getMethod().equals("POST") to the list of
conditions to *not* add the headers.
I'm happy if I can do this in 5.x, and ecstatic if I can back-port it to
4.1.x (since it almost removes my need to configure the Authenticator).
This message is intended only for the use of the person(s) listed above as the
intended recipient(s), and may contain information that is PRIVILEGED and
CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or
distribute this message or any attachment. If you received this communication in
error, please notify us immediately by e-mail and then delete all copies of this
message and any attachments.
In addition you should be aware that ordinary (unencrypted) e-mail sent through the
Internet is not secure. Do not send confidential or sensitive information, such as
social security numbers, account numbers, personal identification numbers and
passwords, to us via ordinary (unencrypted) e-mail.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
