tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 6709] - Images on protected areas have not "Last modified" header
Date Wed, 27 Feb 2002 21:11:10 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6709>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6709

Images on protected areas have not "Last modified" header





------- Additional Comments From jemiller@uchicago.edu  2002-02-27 21:11 -------
The solution to this bug should in my opinion allow a developer to override 
the caching settings that are specified by default by the server for resources 
that are protected by a <security-constraint>. You should be able to do this 
using one of Tomcat's settings files.

Allowing local caching of content that is served over SSL is a valid thing to 
do.

Why is it that Tomcat's behavior is different than Apache HTTP Server with 
SSL? Apache HTTP Server with SSL does not add any cache control headers for 
content served over SSL.

I don't have an issue with the fact that by default caching is turned off. I 
think that it is a good thing, if it helps improve security. However, not 
having a way to change the setting is a design flaw/bug.

I also would still like to know why the "expires" header is being set. As far 
as I know you shouldn't have to set this header in order to turn off caching.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message