Author: jleroux
Date: Wed May 23 20:53:45 2018
New Revision: 1832128
URL:
http://svn.apache.org/viewvc?rev=1832128&view=revLog:
Improved: Secure HTTP headers
(OFBIZ-6766)
After reading
https://www.fastly.com/blog/headers-we-dont-want and more in the
Jira, this commit only improves UtilHttp.setResponseBrowserProxyNoCache() by adding
Cache-Control:private to avoid caching in proxies.
Modified:
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java?rev=1832128&r1=1832127&r2=1832128&view=diff==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java Wed May 23 20:53:45 2018
@@ -977,8 +977,7 @@ public final class UtilHttp {
long nowMillis = System.currentTimeMillis();
response.setDateHeader("Expires", nowMillis);
response.setDateHeader("Last-Modified", nowMillis); // always modified
- response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate"); // HTTP/1.1
- response.addHeader("Cache-Control", "post-check=0, pre-check=0, false");
+ response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, private"); // HTTP/1.1
response.setHeader("Pragma", "no-cache"); // HTTP/1.0
}
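Review bot: The trailing `// HTTP/1.1` comment on the new `Cache-Control` line does not say why `private` sits next to `no-store`, so a later reader may drop one of them as redundant. For a conforming cache `no-store` already forbids storage, which makes `private` a defence-in-depth signal to shared proxies that the response is per-user; I would put that in the comment, e.g. `// HTTP/1.1: no-store forbids any storage; private also marks the response per-user for shared proxies`. It is also worth one line in the method's Javadoc recording that the `post-check=0, pre-check=0` values were dropped on purpose, since they were IE-specific extensions. The method's signature and Javadoc lie above the hunk, so I cannot see whether either point is already documented there.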