On 03/07/2025 11:18, Rolandas Karosas | Edrana Baltic wrote:
Hi,

On Apache Tomcat 10.1.42 with a configured SSL Connector, a web application with Spring, Spring Security returns the configured Default Spring Security Cache Control HTTP Response Headers:

    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: 0

But when I add to tomcat\conf\web.xml

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

The response contains:

    Cache-Control: private

This occurs for HTTP GET requests. Is this Tomcat 10 related behavior? The same app on Tomcat 9 with the same security-constraint returns the correct headers.

Different value for securePagesWithPragma on the authenticator for the two systems being tested?
Mark