authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-02-13 09:05:21 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-02-13 09:05:21 +0000
commitb88de1e3171d66de9003b9e13a4f060aa060766e (patch)
treeb6edc61aca9f19437ace0d21f08f1530bb98675d
parentfae884ae43c71bbb4ff1cc8f72988ca7007d614f (diff)
Simplify cache disabling headers.
This patch changes the headers sent to prevent erroneous caching of the responses sent to only use a single header: Cache-Control: private, must-revalidate. This single header should ensure that the data isn't shared between multiple users, and that the browser checks that the content is still valid for each request (enabling logout to work as expected). This drops the Expires-header, which should be unnecessary since all modern browsers support the Cache-Control-header. Thanks to Arthur Müller for providing this patch. git-svn-id: https://modmellon.googlecode.com/svn/trunk@223 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r--auth_mellon.h2
-rw-r--r--auth_mellon_handler.c4
-rw-r--r--auth_mellon_util.c32
3 files changed, 13 insertions, 25 deletions
diff --git a/auth_mellon.h b/auth_mellon.h
index e192850..f99cf6f 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -342,7 +342,7 @@ void am_delete_request_session(request_rec *r, am_cache_entry_t *session);
char *am_reconstruct_url(request_rec *r);
int am_check_permissions(request_rec *r, am_cache_entry_t *session);
-void am_set_nocache(request_rec *r);
+void am_set_cache_control_headers(request_rec *r);
int am_read_post_data(request_rec *r, char **data, apr_size_t *length);
char *am_extract_query_parameter(apr_pool_t *pool,
const char *query_string,
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index e471bdc..f93ba6e 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -3168,8 +3168,8 @@ int am_auth_mellon_user(request_rec *r)
return DECLINED;
}
- /* Disable all caching within this location. */
- am_set_nocache(r);
+ /* Set defaut Cache-Control headers within this location */
+ am_set_cache_control_headers(r);
/* Check if this is a request for one of our endpoints. We check if
* the uri starts with the path set with the MellonEndpointPath
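Review bot: The new comment misspells "default" and no longer says why the header is set at this point, which the old comment did ("Disable all caching within this location"). Something like `/* Set default Cache-Control headers (private, must-revalidate) for every response within this location. */` would keep the intent visible at the call site. am_auth_mellon_user starts and ends outside this hunk.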
diff --git a/auth_mellon_util.c b/auth_mellon_util.c
index c383d54..ad9e90a 100644
--- a/auth_mellon_util.c
+++ b/auth_mellon_util.c
@@ -391,9 +391,7 @@ int am_check_permissions(request_rec *r, am_cache_entry_t *session)
return OK;
}
-
-/* This function disables caching of the response to this request. It does
- * this by setting the Pragme: no-cache and Cache-Control: no-cache headers.
+/* This function sets default Cache-Control headers.
*
* Parameters:
* request_rec *r The request we are handling.
@@ -401,31 +399,21 @@ int am_check_permissions(request_rec *r, am_cache_entry_t *session)
* Returns:
* Nothing.
*/
-void am_set_nocache(request_rec *r)
+void am_set_cache_control_headers(request_rec *r)
{
- const char *user_agent;
-
- /* Setting the headers inn err_headers_out ensures that they will be
+ /* Send Cache-Control header to ensure that:
+ * - no proxy in the path caches content inside this location (private),
+ * - user agent have to revalidate content on server (must-revalidate).
+ *
+ * But never prohibit specifically any user agent to cache or store content
+ *
+ * Setting the headers in err_headers_out ensures that they will be
* sent for all responses.
*/
apr_table_setn(r->err_headers_out,
- "Expires", "Thu, 01 Jan 1970 00:00:00 GMT");
- apr_table_setn(r->err_headers_out,
- "Cache-Control", "private, must-revalidate");
-
- /*
- * Never use Cache-Control: no-cache for IE
- */
- user_agent = apr_table_get(r->headers_in, "User-Agent");
- if ((user_agent == NULL) ||
- (strstr(user_agent, "compatible; MSIE ") == NULL) ||
- (strstr(user_agent, "Opera") != NULL)) {
- apr_table_addn(r->err_headers_out,
- "Cache-Control", "no-cache, no-store");
- }
+ "Cache-Control", "private, must-revalidate");
}
-
/* This function reads the post data for a request.
*
* The data is stored in a buffer allocated from the request pool.
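Review bot: `must-revalidate` in the new `apr_table_setn` value only forbids reuse of a response once it is stale, so with no `max-age` or `no-cache` a browser may still treat a protected page as fresh (heuristically, for example from `Last-Modified`) and show it after logout without contacting the server. Dropping `no-store` also means non-IE clients may now keep authenticated content in their on-disk cache, which the removed branch prevented. If compatibility with IE is the reason to avoid `no-cache`, an explicit zero lifetime keeps the single header and still forces a check on each request: `"Cache-Control", "private, max-age=0, must-revalidate"`. The same header is applied before the endpoint check in am_auth_mellon_user (auth_mellon_handler.c), so it is worth confirming that the module's own endpoint responses do not need `no-store`.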