Bug 51712 - Regression in cache-control headers for requests with security-constraints
Regression in cache-control headers for requests with security-constraints
Status: RESOLVED FIXED
Product: Tomcat 7
Classification: Unclassified
Component: Catalina
7.0.16
All All
: P2 regression (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2011-08-23 20:55 UTC by Michael Zampani
Modified: 2011-08-29 14:43 UTC (History)
0 users



Attachments
Patch to revert isSecure() check (657 bytes, text/plain)
2011-08-23 20:55 UTC, Michael Zampani
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Zampani 2011-08-23 20:55:25 UTC
Created attachment 27428 [details]
Patch to revert isSecure() check

Copied from http://markmail.org/thread/rlkpd3hqihc3zbji

CLN 1126273
http://svn.apache.org/viewvc?view=revision&revision=1126273
sets the default value for securePagesWithPragma to false, but also (re)added a request.isSecure() check to the block for adding the cache-control headers.

This results in the headers not being added for secure requests with security-constraints.  This is a change in behavior from Tomcat-7.0.14 that causes IE8 to improperly cache some secure pages.

The secure check was initially added in CLN 287690
http://svn.apache.org/viewvc?view=revision&revision=287690
to fix a bug in IE caching
https://issues.apache.org/bugzilla/show_bug.cgi?id=6641
but was commented out in CLN 302373
http://svn.apache.org/viewvc?view=revision&revision=302373

patch to remove isSecure() check added.
Comment 1 Mark Thomas 2011-08-29 14:43:15 UTC
Thanks for the patch. This has been applied to 7.0.x and will be included in 7.0.21 onwards.