On 03/07/2025 11:18, Rolandas Karosas | Edrana Baltic wrote:
Hi,
On Apache Tomcat 10.1.42 with a configured SSL Connector, a web application
with Spring and Spring Security returns the configured default Spring Security
Cache-Control HTTP response headers:
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
But when I add the following to tomcat\conf\web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
The response contains:
Cache-Control: private
This occurs for HTTP GET requests.
Is this Tomcat 10 related behavior?
The same app on Tomcat 9 with the same security-constraint returns the correct headers.

Different value for securePagesWithPragma on the authenticator for the
two systems being tested?
Mark
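
One way to check the suggestion above, as an added example that is not code from this thread or from the Tomcat project: a Python script that reads the authenticator Valve attributes from two context.xml files and reports where they differ. The two XML snippets are constructed, and the defaults and the header model (Expires handling omitted) are assumptions based on the Tomcat Authenticator Valve documentation.

```python
import xml.etree.ElementTree as ET

# Assumed defaults when the attribute is absent (per the Authenticator Valve docs).
DEFAULTS = {"disableProxyCaching": "true", "securePagesWithPragma": "false"}

# Constructed sample inputs standing in for the two systems' context.xml files.
CTX_A = """<Context>
  <Valve className="org.apache.catalina.authenticator.NonLoginAuthenticator"
         securePagesWithPragma="true"/>
</Context>"""
CTX_B = "<Context/>"  # no explicit Valve: implicit authenticator with defaults


def authenticator_settings(context_xml):
    """Return the effective cache-related attributes of the authenticator Valve."""
    settings = dict(DEFAULTS)
    for valve in ET.fromstring(context_xml).iter("Valve"):
        if ".authenticator." in valve.get("className", ""):
            for name in DEFAULTS:
                settings[name] = valve.get(name, DEFAULTS[name]).strip().lower()
    return settings


def predicted_headers(settings, method="GET"):
    """Model of the headers added to a response covered by a security constraint."""
    if settings["disableProxyCaching"] != "true" or method.upper() == "POST":
        return {}  # authenticator leaves cache headers to the application
    if settings["securePagesWithPragma"] == "true":
        return {"Pragma": "No-cache", "Cache-Control": "no-cache"}
    return {"Cache-Control": "private"}


def compare(xml_a, xml_b):
    """Return {attribute: (value_a, value_b)} for every attribute that differs."""
    a, b = authenticator_settings(xml_a), authenticator_settings(xml_b)
    return {k: (a[k], b[k]) for k in DEFAULTS if a[k] != b[k]}


if __name__ == "__main__":
    for label, xml in (("system A", CTX_A), ("system B", CTX_B)):
        s = authenticator_settings(xml)
        print(label, s, "->", predicted_headers(s))
    print("differences:", compare(CTX_A, CTX_B))
```
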