Posted to users@tomcat.apache.org by Jason Bainbridge <jb...@gmail.com> on 2005/03/25 16:04:10 UTC

Pragma: No-cache being added on one server but not another

This isn't the usual problem of trying to force a browser to not cache
an object but actually the opposite, on one of our servers every
request for a particular image is coming back every time with:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 18:00:00 CST
ETag: W/"177-1048812990000"
Last-Modified: Fri, 28 Mar 2003 00:56:30 GMT
Content-Type: image/gif
Content-Length: 1083
Date: Fri, 25 Mar 2005 14:55:08 GMT

and on another server the first request for the same image:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"1083-1048812990000"
Last-Modified: Fri, 28 Mar 2003 00:56:30 GMT
Content-Type: image/gif
Content-Length: 1083
Date: Fri, 25 Mar 2005 14:57:08 GMT

With subsequent requests returning the expected:

HTTP/1.1 304 Not Modified
Server: Apache-Coyote/1.1
Date: Fri, 25 Mar 2005 14:57:20 GMT

On the server with the no-cache headers being returned I have been
tasked with locking it down so I have removed all of the example
applications, the manager application and everything else we don't use
plus I am running the Windows Service under an account that started
with no permissions that I added the required permissions to by
various means like using filemon and regmon while tomcat was running.

Have I inadvertently removed or disabled something that would force
the adding of all the no-cache headers?  Where are they coming from?
There are three there that I believe shouldn't be there:

Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 18:00:00 CST

Any insight would be much appreciated!

Cheers,
-- 
Jason Bainbridge
http://kde.org - webmaster@kde.org
Personal Site - http://jasonbainbridge.com

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Pragma: No-cache being added on one server but not another

Posted by Jason Bainbridge <jb...@gmail.com>.
On Fri, 25 Mar 2005 10:24:25 -0600, Jason Bainbridge
<jb...@gmail.com> wrote:
> Got a little bit further to this after discovering Tomcat adds those
> Headers whenever the resources are within a Security constraint, which
> they are in this case to force SSL with the below:
> 
> <security-constraint>
>     <web-resource-collection>
>        <url-pattern>/*</url-pattern>
>     </web-resource-collection>
>     <user-data-constraint>
>        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> </security-constraint>
> 
> Now is there any way to disable the adding of the no-cache headers in
> this situation?

I ended up working around this by defining multiple security constraints
just for the servlets that are called, so if a user tries to go in
through any of the normal entry points with http it will still redirect
to https but the static content isn't within the security-constraint
and hence Tomcat will allow it to be cached on the client side. This
means they can request the static content without it being redirected
to https but that isn't a concern as none of the static stuff is
confidential.

This was one big gotcha for me and we only detected it just before
going live next week so I was under a bit of pressure to fix it so
hopefully if anyone has a similar problem in the future they can find
this in the archives to explain what is happening.

Regards,
-- 
Jason Bainbridge
http://kde.org - webmaster@kde.org
Personal Site - http://jasonbainbridge.com
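
The workaround described in this message, sketched as a web.xml fragment. This is an added example, not the poster's actual configuration; the URL patterns /login and /app/* and the resource names are hypothetical stand-ins for the application's servlet entry points.

```xml
<!-- Added example; the URL patterns below are hypothetical placeholders. -->
<!-- One constraint per servlet entry point instead of a single /* rule. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Login servlet (hypothetical)</web-resource-name>
        <url-pattern>/login</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Application servlets (hypothetical)</web-resource-name>
        <url-pattern>/app/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- No constraint matches static paths such as /images/*, so those
     responses carry no Pragma, Cache-Control or Expires no-cache headers
     and can be revalidated with 304. They are also reachable over plain
     http, so only non-confidential content belongs outside the patterns. -->
```

Any resource later added outside the listed patterns is not redirected to https, so the pattern list has to be reviewed whenever a new servlet mapping is introduced.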



Re: Pragma: No-cache being added on one server but not another

Posted by Jason Bainbridge <jb...@gmail.com>.
Got a little bit further to this after discovering Tomcat adds those
Headers whenever the resources are within a Security constraint, which
they are in this case to force SSL with the below:

<security-constraint>
    <web-resource-collection>
       <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Now is there any way to disable the adding of the no-cache headers in
this situation?


On Fri, 25 Mar 2005 09:04:10 -0600, Jason Bainbridge
<jb...@gmail.com> wrote:
> This isn't the usual problem of trying to force a browser to not cache
> an object but actually the opposite, on one of our servers every
> request for a particular image is coming back every time with:
> 
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Pragma: No-cache
> Cache-Control: no-cache
> Expires: Wed, 31 Dec 1969 18:00:00 CST
> ETag: W/"177-1048812990000"
> Last-Modified: Fri, 28 Mar 2003 00:56:30 GMT
> Content-Type: image/gif
> Content-Length: 1083
> Date: Fri, 25 Mar 2005 14:55:08 GMT
> 
> and on another server the first request for the same image:
> 
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> ETag: W/"1083-1048812990000"
> Last-Modified: Fri, 28 Mar 2003 00:56:30 GMT
> Content-Type: image/gif
> Content-Length: 1083
> Date: Fri, 25 Mar 2005 14:57:08 GMT
> 
> With subsequent requests returning the expected:
> 
> HTTP/1.1 304 Not Modified
> Server: Apache-Coyote/1.1
> Date: Fri, 25 Mar 2005 14:57:20 GMT
> 
> On the server with the no-cache headers being returned I have been
> tasked with locking it down so I have removed all of the example
> applications, the manager application and everything else we don't use
> plus I am running the Windows Service under an account that started
> with no permissions that I added the required permissions to by
> various means like using filemon and regmon while tomcat was running.
> 
> Have I inadvertently removed or disabled something that would force
> the adding of all the no-cache headers?  Where are they coming from?
> There are three there that I believe shouldn't be there:
> 
> Pragma: No-cache
> Cache-Control: no-cache
> Expires: Wed, 31 Dec 1969 18:00:00 CST
> 
> Any insight would be much appreciated!
> 
> Cheers,
> --
> Jason Bainbridge
> http://kde.org - webmaster@kde.org
> Personal Site - http://jasonbainbridge.com
> 


-- 
Jason Bainbridge
http://kde.org - webmaster@kde.org
Personal Site - http://jasonbainbridge.com
