cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java

Mon, 18 Apr 2005 13:22:36 -0700 

keith       2005/04/18 13:21:57

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        AuthenticatorBase.java
  Log:
  [34083 et al] For webapps with security constraints, we default to sending
  headers to disable caching.  This is well-intentioned but IE will not open
  office documents under SSL with the Pragma header.  Remove the Pragma
  header and change the Cache-Control to private based on comments in
  the many bugs about this and my reading of the 1.1 spec.
  
  Per Remy make this behavior optional, with a new valve attribute
  
  Revision  Changes    Path
  1.26      +35 -3     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
  
  Index: AuthenticatorBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- AuthenticatorBase.java    13 Sep 2004 21:07:43 -0000      1.25
  +++ AuthenticatorBase.java    18 Apr 2005 20:21:57 -0000      1.26
  @@ -144,6 +144,12 @@
       protected boolean disableProxyCaching = true;
   
       /**
  +     * Flag to determine if we disable proxy caching with headers compatible
  +     * with IE 
  +     */
  +    protected boolean IECompatibleProxyCacheDisableHeaders = true;
  +    
  +    /**
        * The lifecycle event support for this component.
        */
       protected LifecycleSupport lifecycle = new LifecycleSupport(this);
  @@ -339,6 +345,25 @@
       public void setDisableProxyCaching(boolean nocache) {
           disableProxyCaching = nocache;
       }
  +    
  +    /**
  +     * Return the flag that states, if proxy caching is disabled, what 
headers
  +     * we add to disable the caching.  
  +     */
  +    public boolean getIECompatibleProxyCacheDisableHeaders() {
  +        return IECompatibleProxyCacheDisableHeaders;
  +    }
  +
  +    /**
  +     * Set the value of the flag that states what headers we add to disable
  +     * proxy caching.
  +     * @param compatible <code>true</code> if we add headers which are
  +     * generally compatible, <code>false</code> if add headers which aren't
  +     * known to be compatible.
  +     */
  +    public void setIECompatibleProxyCacheDisableHeaders(boolean compatible) {
  +        IECompatibleProxyCacheDisableHeaders = compatible;
  +    }    
   
       // --------------------------------------------------------- Public 
Methods
   
  @@ -415,8 +440,15 @@
               // (improper caching issue)
               //!request.isSecure() &&
               !"POST".equalsIgnoreCase(request.getMethod())) {
  -            response.setHeader("Pragma", "No-cache");
  -            response.setHeader("Cache-Control", "no-cache");
  +            if (IECompatibleProxyCacheDisableHeaders) {
  +              //this is the standard way to disable caching
  +              response.setHeader("Cache-Control", "private");
  +            } else {
  +              //IE won't render the page under SSL if this header is 
specified
  +              //TODO It was stipulated that these not be removed, not sure 
why
  +              response.setHeader("Pragma", "No-cache");
  +              response.setHeader("Cache-Control", "no-cache");
  +            }
               response.setHeader("Expires", DATE_ONE);
           }
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to