You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Michael Stevens <mi...@planetoutinc.com> on 2011/06/29 21:20:26 UTC
[users@httpd] Modifying headers according to response code
Hello,
I'd like to do this:
Set Expires and Cache-control headers to specific values on a resource when the response code is 200.
Set those headers to different values when the response code is XXX (but not 200).
The documentation for mod_expires and mod_headers does not suggest that this is possible; these modules allow configuration according to file matching and mime type, but not response code.
The background:
With the release of Firefox 5, that browser is now adhering to the HTTP/1.1 specification, which instructs clients to cache "redirect" responses (302, 307, etc.) according to Expires and Cache-control headers. Apparently, using Apache, this means you cannot configure a particular type of resource to be cached by the client if you routinely expect requests for that resource to be "temporarily" redirected.
Thanks for the help,
Michael
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Modifying headers according to response code
Posted by Tom Evans <te...@googlemail.com>.
On Thu, Jun 30, 2011 at 5:58 PM, Michael Stevens
<mi...@planetoutinc.com> wrote:
>> What is generating the different responses?
>
> We use the Spring Security authentication framework on Tomcat using an APR connector behind Apache.
>
> Protected resources are handled like this for an unauthenticated user:
>
> GET /some/protected/resource.html
> Response: 302 /login.html
> GET /login.html
> Response: 200
> POST /login.html
> Response: 302 /some/protected/resource.html
>
> This is a pretty standard scenario in authentication and single sign-on frameworks. In the example, /some/protected/resource.html cannot be cached by the client since the same expires/cache-control headers will be included with the 302 response, and Firefox 5 will cache the 302, causing the second request to the resource to again redirect to /login.html.
>
> -Michael
>
10.3.3 302 Found
The requested resource resides temporarily under a different URI.
Since the redirection might be altered on occasion, the client SHOULD
continue to use the Request-URI for future requests. This response is
only cacheable if indicated by a Cache-Control or Expires header
field.
Ergo, don't send those headers, or send ones that make it explicitly
clear that you don't want the page cached, eg Cache-Control: no-cache,
or Expires in the past.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Modifying headers according to response code
Posted by Michael Stevens <mi...@planetoutinc.com>.
> What is generating the different responses?
We use the Spring Security authentication framework on Tomcat using an APR connector behind Apache.
Protected resources are handled like this for an unauthenticated user:
GET /some/protected/resource.html
Response: 302 /login.html
GET /login.html
Response: 200
POST /login.html
Response: 302 /some/protected/resource.html
This is a pretty standard scenario in authentication and single sign-on frameworks. In the example, /some/protected/resource.html cannot be cached by the client since the same expires/cache-control headers will be included with the 302 response, and Firefox 5 will cache the 302, causing the second request to the resource to again redirect to /login.html.
-Michael
-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com]
Sent: Wednesday, June 29, 2011 5:31 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Modifying headers according to response code
On Wed, 29 Jun 2011 19:20:26 +0000
Michael Stevens <mi...@planetoutinc.com> wrote:
> Hello,
>
> I'd like to do this:
>
> Set Expires and Cache-control headers to specific values on a resource when the response code is 200.
>
> Set those headers to different values when the response code is XXX (but not 200).
What is generating the different responses?
My suggestion: use ErrorDocument, and set your headers in its scope.
--
Nick Kew
Available for work, contract or permanent.
http://www.webthing.com/~nick/cv.html
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Modifying headers according to response code
Posted by Nick Kew <ni...@webthing.com>.
On Wed, 29 Jun 2011 19:20:26 +0000
Michael Stevens <mi...@planetoutinc.com> wrote:
> Hello,
>
> I'd like to do this:
>
> Set Expires and Cache-control headers to specific values on a resource when the response code is 200.
>
> Set those headers to different values when the response code is XXX (but not 200).
What is generating the different responses?
My suggestion: use ErrorDocument, and set your headers in its scope.
--
Nick Kew
Available for work, contract or permanent.
http://www.webthing.com/~nick/cv.html
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org