Tomcat 6 - SSL - Cache headers

Discussion in 'Java' started by Chris Seidel, Dec 11, 2009.

  1. Chris Seidel

    Chris Seidel Guest

    Hi,

    wenn I add a security-constraint like this:

    <security-constraint>
    <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>

    to my web.xml, Tomcat automatically adds response headers which disable
    caching.

    This make sense, the data is confidential and shall not be cached anywhere.

    But: IE is now no longer able to show files via plugins, because it is not
    allowed to save the file into its cache and then transfer it to the
    plugin. This is a known problem, one can disable this behaviour by setting
    a registry key... Umpf.


    Questions:

    Why doesn't tomcat set this header if this security constraint does not
    exist, but the url is a httpS-url? This makes no sense for me.

    Why is Firefox be able to show the files via plugins? Is this a bug?

    How can I configure tomcat not to set these headers?

    Thank you.
    Chris Seidel, Dec 11, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. dont bother
    Replies:
    0
    Views:
    766
    dont bother
    Mar 3, 2004
  2. Replies:
    0
    Views:
    623
  3. Mike Kraley

    Cache-control and Expires headers

    Mike Kraley, May 2, 2008, in forum: ASP .Net
    Replies:
    9
    Views:
    1,124
    WALDO
    Feb 24, 2009
  4. Phil
    Replies:
    4
    Views:
    658
    Gabriel Genellina
    Jan 17, 2010
  5. Ian
    Replies:
    2
    Views:
    1,907
Loading...

Share This Page