Author: etnu
Date: Thu Mar 26 18:26:02 2009
New Revision: 758788
URL: http://svn.apache.org/viewvc?rev=758788&view=rev
Log:
Added www-authenticate to the disallowed response headers list to avoid a
potential annoyance / spam vector where users are presented with modal dialogs
when the header is present on some browsers. The proxy never handled http
authentication correctly anyway, so nobody should be relying on it. makeRequest
should still support this if anyone is using it.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java?rev=758788&r1=758787&r2=758788&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
Thu Mar 26 18:26:02 2009
@@ -51,7 +51,7 @@
protected static final Set<String> DISALLOWED_RESPONSE_HEADERS =
ImmutableSet.of(
"set-cookie", "content-length", "content-encoding", "etag",
"last-modified" ,"accept-ranges",
- "vary", "expires", "date", "pragma", "cache-control", "transfer-encoding"
+ "vary", "expires", "date", "pragma", "cache-control",
"transfer-encoding", "www-authenticate"
);
/**
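Review bot: The new "www-authenticate" entry in DISALLOWED_RESPONSE_HEADERS is lowercase like the rest of the set, while servers normally send the header as WWW-Authenticate, so the filter only takes effect if the code that consults this set lowercases header names before the lookup. That code is not in this hunk, so please confirm it and add a test showing that a mixed-case WWW-Authenticate response header is dropped by the proxy. A short comment next to the entry, saying it is blocked to stop browsers from showing modal authentication dialogs, would also keep the reason from the log message with the code.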