This is an automated email from the ASF dual-hosted git repository. vel pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push: new ede5686 RANGER-3171 : Ranger ui became broken after logout in Firefox. ede5686 is described below commit ede568667973c96b1be5dcba8117c18725a98f58 Author: Dhaval Rajpara <dhavalrajpara1...@gmail.com> AuthorDate: Fri Feb 19 01:52:38 2021 +0530 RANGER-3171 : Ranger ui became broken after logout in Firefox. Signed-off-by: Velmurugan Periasamy <v...@apache.org> --- .../security/web/filter/RangerSecurityContextFormationFilter.java | 1 + security-admin/src/main/webapp/login.jsp | 4 ++++ 2 files changed, 5 insertions(+)
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index 6cc3a81..c508579 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -133,6 +133,7 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean {
 context.setUserSession(userSession);
 }
 HttpServletResponse res = (HttpServletResponse)response;
+ res.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
 res.setHeader("X-Frame-Options", "DENY" );
 res.setHeader("X-XSS-Protection", "1; mode=block");
 res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
diff --git a/security-admin/src/main/webapp/login.jsp b/security-admin/src/main/webapp/login.jsp
index e61278d..df234ef 100644
--- a/security-admin/src/main/webapp/login.jsp
+++ b/security-admin/src/main/webapp/login.jsp
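Review bot: In RangerSecurityContextFormationFilter.java the added line sets only `Cache-Control`, while the login.jsp hunk of this same commit also sends `Pragma: no-cache` and `Expires: 0`, so responses passing through this filter remain cacheable by any HTTP/1.0 client or intermediary that ignores `Cache-Control`. Since the goal is presumably that pages from an ended session are not redisplayed after logout, I would add `res.setHeader("Pragma", "no-cache");` and `res.setHeader("Expires", "0");` right after it so both code paths send the same set. The header is also written on every response that reaches this point; if the filter mapping covers static assets (not visible here), their caching is disabled too, which is worth confirming. The enclosing method starts and ends outside the hunk.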
@@ -57,6 +57,10 @@ response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'"); response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); + // Delete browser cache in firefox environment + response.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate"); // HTTP 1.1. + response.setHeader("Pragma", "no-cache"); + response.setHeader("Expires", "0"); %> <!-- Page content ================================================== -->
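Review bot: The comment `// Delete browser cache in firefox environment` misstates what the three added headers do: they delete nothing and are not Firefox-specific, they instruct any browser or proxy not to store or reuse the login page. I would reword it to `// Do not let browsers or proxies cache the login page, so a stale copy is never shown after logout`, and label the other two lines the way the first is labelled, `// HTTP 1.0` on `Pragma` and `// proxies` on `Expires`. The same `Cache-Control` literal now appears here and in RangerSecurityContextFormationFilter.java, so a short comment next to each pointing to the other would help keep the two in sync.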