Posted to commits@sling.apache.org by fm...@apache.org on 2010/10/12 11:05:40 UTC

svn commit: r1021690 - /sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java

Author: fmeschbe
Date: Tue Oct 12 09:05:40 2010
New Revision: 1021690

URL: http://svn.apache.org/viewvc?rev=1021690&view=rev
Log:
SLING-1841 Send cache control headers to prevent caching the result
and set content type to prevent Firefox from trying to parse the result
if requesting with an XHR request

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java?rev=1021690&r1=1021689&r2=1021690&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java Tue Oct 12 09:05:40 2010
@@ -284,6 +284,19 @@ public abstract class AbstractAuthentica
     public static void sendValid(final HttpServletResponse response) {
         try {
             response.setStatus(HttpServletResponse.SC_OK);
+
+            // expressely tell we have no content but set content type
+            // to prevent firefox from trying to parse the response
+            // (SLING-1841)
+            response.setContentType("text/plain");
+            response.setContentLength(0);
+
+            // prevent the client from aggressively caching the response
+            // (SLING-1841)
+            response.setHeader("Pragma", "no-cache");
+            response.setHeader("Cache-Control", "no-cache");
+            response.addHeader("Cache-Control", "no-store");
+
             response.flushBuffer();
         } catch (IOException ioe) {
             // TODO: log.error("Failed to send 200/OK response", ioe);
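Review bot: The added `Pragma: no-cache` header is only defined as a request directive, so an HTTP/1.0 cache that does not understand `Cache-Control` may still store this credential-validation result. Adding `response.setDateHeader("Expires", 0);` next to the Cache-Control lines covers that case. The `setHeader`/`addHeader` pair for Cache-Control can be a single `response.setHeader("Cache-Control", "no-cache, no-store");`, which avoids relying on intermediaries to merge repeated header lines. If the class has a matching failure response outside this hunk, it presumably needs the same headers so that a stale validation answer is never replayed; that code is not visible here. The catch block of sendValid continues past the end of the hunk.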