tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject [PROPOSAL] Add Post to the clear list for protected pages
Date Wed, 16 Jul 2003 05:30:20 GMT
At the moment (with the default settings), Tomcat 4.1.x and higher add HTTP
headers to non-SSL protected pages to prevent intermediate proxies from
caching them.  According to the HTTP/1.1 RFC (and even the HTTP/1.0 RFC),
POSTed pages are not allowed to be cached by proxies (for the obvious
reasons).  I'd like to add request.getMethod().equals("POST") to the list of
conditions to *not* add the headers.

I'm happy if I can do this in 5.x, and ecstatic if I can back-port it to
4.1.x (since it almost removes my need to configure the Authenticator).



Mime
View raw message