Author: markt
Date: Mon Aug 29 14:40:27 2011
New Revision: 1162836
URL: http://svn.apache.org/viewvc?rev=1162836&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51712
Ensure cache control headers are sent even if request is secure.
Patch provided by Michael Zampani
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1162836&r1=1162835&r2=1162836&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
Mon Aug 29 14:40:27 2011
@@ -476,7 +476,6 @@ public abstract class AuthenticatorBase
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
if (constraints != null && disableProxyCaching &&
- !request.isSecure() &&
!"POST".equalsIgnoreCase(request.getMethod())) {
if (securePagesWithPragma) {
// Note: These can cause problems with downloading files with
IE
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
