tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <>
Subject Re: [PROPOSAL] Add Post to the clear list for protected pages
Date Thu, 17 Jul 2003 03:38:48 GMT
Bill Barker wrote:

> At the moment (with the default settings), Tomcat 4.1.x and higher add
> HTTP headers to non-SSL protected pages to prevent intermediate proxies
> from
> caching them.  According to the HTTP/1.1 RFC (and even the HTTP/1.0 RFC),
> POSTed pages are not allowed to be cached by proxies (for the obvious
> reasons).  I'd like to add request.getMethod().equals("POST") to the list
> of conditions to *not* add the headers.

Not sure I understand :-)

The RFC requires that proxies don't cache POST requests. Are you saying 
we should *not* include the headers, because proxies will not cache anyway ?
Or to add the headers ? And what does it has to do with SSL ?

( I'm +0 any way )


> I'm happy if I can do this in 5.x, and ecstatic if I can back-port it to
> 4.1.x (since it almost removes my need to configure the Authenticator).

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message