tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zampani, Michael" <>
Subject RE: Cache-Control headers not being added to secure requests
Date Tue, 16 Aug 2011 21:20:38 GMT
It was my understanding that the fix for IE was just the securePagesWithPragma change, which
changes cache-control:no-cache to cache-control:private by default.  
According to the bug report, this should fix IE downloads even for secure requests.
The problem is, this entire block is now ignored for secure requests, which results in no
headers at all.
Have I misunderstood something?


-----Original Message-----
From: Richard Frovarp [] 
Sent: Tuesday, August 16, 2011 2:02 PM
To: Tomcat Users List
Subject: Re: Cache-Control headers not being added to secure requests

On 08/16/2011 03:57 PM, Christopher Schultz wrote:
> Hash: SHA1
> Michael,
> On 8/16/2011 4:42 PM, Zampani, Michael wrote:
>> I don't understand why it was ever present, though.  Does anybody 
>> know why you wouldn't want these headers on secure requests?
> The svn comment says " reduce the likelihood of issues when 
> downloading files with IE.". Presumably, [MS]IE has "issues" with 
> downloading files with those response headers.

Some versions of MSIE have problems downloading files depending on the cache-control header.
We've seen this with our course management system. 
 From what I've seen IE doesn't download files, it caches them, then copies them into place
on the filesystem. But due to the cache control headers, it couldn't copy the cached file
because it wasn't allowed to, causing trouble.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message