Bug 51712 - Regression in cache-control headers for requests with security-constraints
Summary: Regression in cache-control headers for requests with security-constraints
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 7.0.16
Hardware: All All
: P2 regression (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-23 20:55 UTC by Michael Zampani
Modified: 2011-08-29 14:43 UTC (History)
0 users


Attachments
Patch to revert isSecure() check (657 bytes, text/plain)
2011-08-23 20:55 UTC, Michael Zampani 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Zampani 2011-08-23 20:55:25 UTC 
Created attachment 27428 [details]
Patch to revert isSecure() check

Copied from http://markmail.org/thread/rlkpd3hqihc3zbji

CLN 1126273
http://svn.apache.org/viewvc?view=revision&revision=1126273
sets the default value for securePagesWithPragma to false, but also (re)added a request.isSecure() check to the block for adding the cache-control headers.

This results in the headers not being added for secure requests with security-constraints.  This is a change in behavior from Tomcat-7.0.14 that causes IE8 to improperly cache some secure pages.

The secure check was initially added in CLN 287690
http://svn.apache.org/viewvc?view=revision&revision=287690
to fix a bug in IE caching
https://issues.apache.org/bugzilla/show_bug.cgi?id=6641
but was commented out in CLN 302373
http://svn.apache.org/viewvc?view=revision&revision=302373

patch to remove isSecure() check added.
Comment 1 Mark Thomas 2011-08-29 14:43:15 UTC 
Thanks for the patch. This has been applied to 7.0.x and will be included in 7.0.21 onwards.