Am 2013-06-04 00:40, schrieb Jeffrey Janner:
[..]
For those who might be interested, here are the two header sets returned:
Without SSLAuthenticator:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 18:00:00 CST
Content-Disposition: attachment;
filename=SITE_VIEW_COST_SAVING_PART_NUMBER_%26QUOT%3BQUOTES_IN_PROJ_SV%26QUOT%3B_20130603.xls;
Content-Type: application/vnd.ms-excel
Transfer-Encoding: chunked
Date: Mon, 03 Jun 2013 22:34:41 GMT
With SSLAuthenticator:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Wed, 31 Dec 1969 18:00:00 CST
Content-Disposition: attachment;
filename=SITE_VIEW_COST_SAVING_PART_NUMBER_%26QUOT%3BQUOTES_IN_PROJ_SV%26QUOT%3B_20130603.xls;
Content-Type: application/vnd.ms-excel
Transfer-Encoding: chunked
Date: Mon, 03 Jun 2013 22:29:41 GMT
Note the only real difference is the addition of a Pragma header. Apparently,
this is giving IE8 and earlier fits.
Anybody know how to disable the Pragma being added without using the
SSLAuthenticator Valve? Or remove it?
Hi Jeff,
I have observed this stupid IE behavior a couple of years ago. Took me
almost a day to figure out. Though I use an authenticator in Tomcat
which sets securePagesWithPragma to false.
Have you considered searching Tomcat's source code -- or better yet
writing an always-pass-through authenticator which sets this flag by
default?
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org