tomcat-users mailing list archives

From "Shapira, Yoav" <>
Subject RE: How to remove http headers?
Date Mon, 14 Apr 2003 13:11:21 GMT


>This does not happen with normal unsecure files, only secure files.
>You can test this yourself with for example the manager application.

Ahhh.  That makes more sense now, because I know Tomcat doesn't add them
to normal responses.  Secure ones are a different story.  The "secure"
flag gets set in the connector, which makes it ensure responses are not

>However "Pragma" has only one valid value: "no-cache"
>So you really can't modify it to something else.

Actually, Pragma: no-cache in itself is an invalid value.  See RFC 2616
Section 13.2.  Unfortunately this header is used and supported widely
enough that it may as well be valid in the spec ;(

That said, you can put any value you want for pragma: i.e. invalid ones
that'll be ignored ;)

>And also any of this isn't really useful when there is also
>an "Expires" header and I can't modify that value since I have
>no idea when the file will expire in the future.

You should have an idea when the file will expire: typically secure
content should never be cached.  However, in your application there
should be a set amount of time after which you'd like the user to
re-create whatever they did to get the file, as the user's permissions
may have changed.  This may be years from now, but nonetheless it is
some non-zero value which you can set in the Expires header, overriding
the 0 value.

Or alternatively to all this toying around with headers, take a look
inside org.apache.coyote.tomcat4.CoyoteConnector and see how the
"secure" and scheme="https" values affect the connector behavior.  If
you don't like what you see, submit an issue in Bugzilla with the
specific behavior you don't like, why you don't like it, and how you
would like to see it changed.

Yoav Shapira
Millennium ChemInformatics
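
The approach described in the message above (setting a non-zero Expires from application code), sketched as a servlet filter; this is an added example, not code from the original message or from Tomcat. The class name, the `maxAgeSeconds` init parameter, the 10-minute default and the `javax.servlet` namespace are assumptions, as is the premise that headers set here replace the ones the container added earlier for the same response.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: gives protected responses a bounded, private cache lifetime. */
public class ProtectedCacheLifetimeFilter implements Filter {

    // Assumed default: re-fetch (and re-check permissions) after 10 minutes.
    private long maxAgeSeconds = 600L;

    public void init(FilterConfig config) throws ServletException {
        String value = config.getInitParameter("maxAgeSeconds"); // hypothetical init-param
        if (value == null) {
            return;
        }
        try {
            maxAgeSeconds = Long.parseLong(value.trim());
        } catch (NumberFormatException e) {
            throw new ServletException("maxAgeSeconds must be a whole number of seconds: " + value);
        }
        if (maxAgeSeconds <= 0) {
            throw new ServletException("maxAgeSeconds must be positive, got " + value);
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) response;
            // setHeader/setDateHeader overwrite a value already set under the same name,
            // and only take effect before the response is committed, so run them first.
            http.setDateHeader("Expires", System.currentTimeMillis() + maxAgeSeconds * 1000L);
            // "private" keeps shared caches (proxies) from storing the protected content.
            http.setHeader("Cache-Control", "private, max-age=" + maxAgeSeconds);
            // Older Servlet APIs cannot remove a header; overwrite Pragma with a
            // constructed token that caches do not act on.
            http.setHeader("Pragma", "ignored");
        }
        chain.doFilter(request, response);
    }

    public void destroy() {
        // No resources to release.
    }
}
```

Map the filter to the protected URL patterns only, and confirm the resulting headers on the deployed Tomcat version with a real request.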

