svn commit: r1162836 - /tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java

Mon, 29 Aug 2011 07:40:53 -0700 

Author: markt
Date: Mon Aug 29 14:40:27 2011
New Revision: 1162836

URL: http://svn.apache.org/viewvc?rev=1162836&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51712
Ensure cache control headers are sent even if request is secure.
Patch provided by Michael Zampani

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1162836&r1=1162835&r2=1162836&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
Mon Aug 29 14:40:27 2011
@@ -476,7 +476,6 @@ public abstract class AuthenticatorBase 
         // Make sure that constrained resources are not cached by web proxies
         // or browsers as caching can provide a security hole
         if (constraints != null && disableProxyCaching && 
-            !request.isSecure() &&
             !"POST".equalsIgnoreCase(request.getMethod())) {
             if (securePagesWithPragma) {
                 // Note: These can cause problems with downloading files with 
IE



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to