You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2002/02/27 18:42:36 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java
remm 02/02/27 09:42:36
Modified: catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
Log:
- Fix 6641.
- Don't set the cache control headers if the connection is secure.
Revision Changes Path
1.29 +11 -8 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- AuthenticatorBase.java 10 Dec 2001 01:24:41 -0000 1.28
+++ AuthenticatorBase.java 27 Feb 2002 17:42:36 -0000 1.29
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.28 2001/12/10 01:24:41 craigmcc Exp $
- * $Revision: 1.28 $
- * $Date: 2001/12/10 01:24:41 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.29 2002/02/27 17:42:36 remm Exp $
+ * $Revision: 1.29 $
+ * $Date: 2002/02/27 17:42:36 $
*
* ====================================================================
*
@@ -121,7 +121,7 @@
* requests. Requests of any other type will simply be passed through.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.28 $ $Date: 2001/12/10 01:24:41 $
+ * @version $Revision: 1.29 $ $Date: 2002/02/27 17:42:36 $
*/
@@ -477,10 +477,13 @@
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
- HttpServletResponse sresponse = (HttpServletResponse)response.getResponse();
- sresponse.setHeader("Pragma", "No-cache");
- sresponse.setHeader("Cache-Control", "no-cache");
- sresponse.setDateHeader("Expires", 1);
+ if (!(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
+ HttpServletResponse sresponse =
+ (HttpServletResponse) response.getResponse();
+ sresponse.setHeader("Pragma", "No-cache");
+ sresponse.setHeader("Cache-Control", "no-cache");
+ sresponse.setDateHeader("Expires", 1);
+ }
// Enforce any user data constraint for this security constraint
if (debug >= 1)
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>