Hi! I can understand the motivation for adding a Cache-Control header for CONFIDENTIAL transport guarantees, as discussed in http://tomcat.10.x6.nabble.com/tomcat-8-0-jre8-user-data-constraint-CONFIDENTIAL-user-data-constraint-adds-Cache-Control-private-tp5077170p5077201.html
But if the transport guarantee is only INTEGRAL (and there are no authorization constraints), wouldn't it make more sense to let the resource be fully cached? One use case would be a single-page app where some static resources never change (e.g. due to content hashes in their names). These resources would require data integrity, since it's important that the app logic and content cannot be modified in transit. But if the resources don't require authorization they aren't secret, so they don't require confidentiality. And since they never change, it's wasteful for the client to check with the server to validate its cache on every request. What I'm proposing, if the above makes sense, would be to add an additional criteria to the disableProxyCaching logic in AuthenticatorBase, that goes through the constraints array and checks if there are any authorization constraints or user data constraint with CONFIDENTIAL transport guarantee. If not, no cache control headers should be added. Static resources could then be configured with a transport guarantee of INTEGRAL and still redirect to a secure connector if needed, but retain full caching. Yours, Mikael --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
