You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bi...@apache.org on 2003/07/18 06:36:50 UTC
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java
billbarker 2003/07/17 21:36:50
Modified: catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
Log:
As discussed on tomcat-dev, don't disable caching of POST requests.
Revision Changes Path
1.7 +7 -5 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- AuthenticatorBase.java 12 Mar 2003 05:59:30 -0000 1.6
+++ AuthenticatorBase.java 18 Jul 2003 04:36:50 -0000 1.7
@@ -504,8 +504,10 @@
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
+ HttpServletRequest hsrequest = (HttpServletRequest)hrequest.getRequest();
if (disableProxyCaching &&
- !(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
+ !hsrequest.isSecure() &&
+ !"POST".equalsIgnoreCase(hsrequest.getMethod())) {
HttpServletResponse sresponse =
(HttpServletResponse) response.getResponse();
sresponse.setHeader("Pragma", "No-cache");
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org