You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bi...@apache.org on 2003/07/18 06:39:32 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java
billbarker 2003/07/17 21:39:32
Modified: catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
Log:
Port patch.
Revision Changes Path
1.38 +7 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- AuthenticatorBase.java 19 Mar 2003 01:33:17 -0000 1.37
+++ AuthenticatorBase.java 18 Jul 2003 04:39:31 -0000 1.38
@@ -499,8 +499,10 @@
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
+ HttpServletRequest hsrequest = (HttpServletRequest)hrequest.getRequest();
if (disableProxyCaching &&
- !(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
+ !hsrequest.isSecure() &&
+ !"POST".equalsIgnoreCase(hsrequest.getMethod())) {
HttpServletResponse sresponse =
(HttpServletResponse) response.getResponse();
sresponse.setHeader("Pragma", "No-cache");
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org