Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/01/31 18:48:35 UTC
DO NOT REPLY [Bug 6152] - typo
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6152>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
patrick.luby@sun.com changed:
      What |Removed |Added
----------------------------------------------------------------------------
    Status |NEW     |RESOLVED
Resolution |        |FIXED
------- Additional Comments From patrick.luby@sun.com 2002-01-31 17:48 -------
In the HEAD branch, Catalina automatically sets the following headers on
"authenticated" content (e.g. manager webapp):
Pragma: No-cache
Cache-Control: no-cache
Expires: 1
Unfortunately, although this code has been in the HEAD branch for a few months
now, I never ported it to the 4.0.x branch.
Since setting these headers is necessary to prevent a security hole where proxy
servers can cache "authenticated" content and inadvertently serve that content to
someone else, I have committed the above code to the 4.0.x branch.
This should fix the problem.
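A check for the three headers listed in the comment above, as an added example that is not Tomcat code and not part of the original message. The function names and the sample responses are constructed for illustration; the audit reports which of the three protections a response to an authenticated request lacks.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Cache-Control directives that keep a shared cache from reusing a stored copy unvalidated.
BLOCKING = {"no-cache", "no-store", "private"}

def parse_cache_control(value):
    """Return the set of lower-cased directive names in a Cache-Control value."""
    names = set()
    for part in value.split(","):
        name = part.split("=", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names

def expires_in_past(value, now):
    """True if Expires is in the past; an unparsable value such as "1" counts as expired."""
    try:
        when = parsedate_to_datetime(value.strip())
    except (TypeError, ValueError, IndexError, OverflowError):
        return True
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def findings(headers, now=None):
    """List which of the three headers from the comment are missing or ineffective."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v for k, v in headers.items()}
    out = []
    if not parse_cache_control(h.get("cache-control", "")) & BLOCKING:
        out.append("Cache-Control lacks no-cache/no-store/private")
    if h.get("pragma", "").strip().lower() != "no-cache":
        out.append("Pragma: no-cache missing (HTTP/1.0 caches)")
    if "expires" not in h or not expires_in_past(h["expires"], now):
        out.append("Expires missing or in the future")
    return out

# Constructed sample responses (not captured from a real server).
AS_IN_COMMENT = {"Pragma": "No-cache", "Cache-Control": "no-cache", "Expires": "1"}
CACHEABLE = {"Cache-Control": "public, max-age=3600",
             "Expires": "Thu, 01 Jan 2099 00:00:00 GMT"}

if __name__ == "__main__":
    for name, hdrs in (("as in comment", AS_IN_COMMENT), ("cacheable", CACHEABLE)):
        print(name, findings(hdrs) or "ok")
```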