cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <>
Subject Re: REST response over https - no-cache always set
Date Sun, 20 Feb 2011 12:45:03 GMT

On Sun, Feb 20, 2011 at 11:54 AM, Tamar Furman (tfurman)
<> wrote:
> Hi Sergey -
> The response.reset did the trick. I reset the context response then built the response
using the response builder like before. The cache control header is gone.
> Thank you very much.
thanks for the confirmation, I'll need to document this trick...

> Any explanation why this cleanup is needed and why the ResponseBuilders is using the
context response headers? We have other request-response compiling some download files, running
just HttpServletResponse and these seams to work fie with the IE8 no-cache limitation just
fine by setting it to false.

The reset() thing is needed because the underlying servlet container
makes the decision for whatever reasons to set no-cache to true.

This is just a theory but I suspect that if it's a plain GET over
HTTPs then the container thinks there's no need to enable the caching
so it sets the no-cache to true. In some other cases (which you are
referring to and where setting no-cache to false explicitly works) the
container is probably does not set no-cache to true...May be because
the multiparts are involved and thus no caching is needed, etc...

ResponseBuilder is not doing anything but collecting a list of
headers, status and the entity if any. Whatever ResponseBuilder has
collected is later copied to the outbound message in
JAXRSOutInterceptor, and it's really in the CXF HTTP transport
destination code where the headers are finally copied to the actual

thanks, Sergey

> In any case... The reset solved it for the REST response as well.
> Tamar
> -----Original Message-----
> From: Sergey Beryozkin []
> Sent: Monday, February 14, 2011 3:22 PM
> To:
> Subject: Re: REST response over https - no-cache always set
> I run the jaxrs https test locally, without explicitly setting Cache-Control no such
header is returned and if I call
> setNoCache(false):
> CacheControl control = new CacheControl(); control.setNoCache(false); return Response.ok().cacheControl(control).entity(doGetBook(id)).build();
> then the client code shows that no 'no-cache' value is present in the Cache-Control header.
> But the test is using the emdedded Jetty. Thus it seems like the servlet container that
you use forces this value.
> I'm looking at
> I guess what you can try to do is to have
> @Context
> HttpServletResponse response;
> injected and then do response.reset() before continuing using Response, just  to verify
it works.
> If it does then you may consider  coding against the injected HttpServletResponse only.
I'd also consider not injecting HttpServletResponse and instead creating a custom Servlet
filter which would only do
> response.reset()
> before delegating further.
> Let me know if it helps
> Sergey
> On Mon, Feb 14, 2011 at 12:46 PM, Sergey Beryozkin <> wrote:
>> Hi
>> Sorry for a delay...
>> On Mon, Feb 14, 2011 at 8:10 AM, Tamar Furman (tfurman)
>> <> wrote:
>>> Hi -
>>> I'm straggling this problem for several days and will appreciate any
>>> help.
>>> I'm using CXF 2.2.6 providing REST services over https. I have the
>>> following problem with download function via rest. The method returns
>>> and encapsulates in the content a download file. All
>>> works nice with Firefox but fails on IE8. There is a known bug on IE8
>>> that requires that such https response avoid 'no-cache' header.
>>> However no matter how I build the response header it seams that the
>>> ResponseBuilder puts in the 'no-cache' one and I can't get rid of it.
>>> Here is a snip of my code:
>>>                        CacheControl cc = new CacheControl();
>>>                        cc.setNoStore(true);
>>>                        cc.setNoCache(false);
>>>                        Response res = Response.ok(file).
>>>                                         type("application/octet").
>>>                                         cacheControl(cc).
>>>                                         header("Content-Disposition",
>>> "attachment; filename=" + fileName).
>>> header("Content-Length:",Long.toString(file.length())).
>>>                                         build();
>>> also tried:
>>>                         header("Cache-Control", "no-store").
>>>                         header("Cache-Control", "private, max-age=1").
>>>                         header("Pragma", "no-store").
>>> No matter what, I always see the following headers return to the client:
>>>        Pragma  No-cache
>>>        Cache-Control   no-cache, no-store;no-transform
>>> Any idea how can I solve this with this cxf ResponseBuilder?
>> What happens if you do not use the CacheControl utility at all ?
>> I'm wondering, is it the underlying HTTPS implementation that forces
>> the 'no-cache' value ?
>> Cheers, Sergey
>>> Thanks,
>>> T.

View raw message