diff options
-rw-r--r-- | auth_mellon.h | 2 | ||||
-rw-r--r-- | auth_mellon_handler.c | 4 | ||||
-rw-r--r-- | auth_mellon_util.c | 32 |
3 files changed, 13 insertions, 25 deletions
diff --git a/auth_mellon.h b/auth_mellon.h index e192850..f99cf6f 100644 --- a/auth_mellon.h +++ b/auth_mellon.h @@ -342,7 +342,7 @@ void am_delete_request_session(request_rec *r, am_cache_entry_t *session); char *am_reconstruct_url(request_rec *r); int am_check_permissions(request_rec *r, am_cache_entry_t *session); -void am_set_nocache(request_rec *r); +void am_set_cache_control_headers(request_rec *r); int am_read_post_data(request_rec *r, char **data, apr_size_t *length); char *am_extract_query_parameter(apr_pool_t *pool, const char *query_string, diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index e471bdc..f93ba6e 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -3168,8 +3168,8 @@ int am_auth_mellon_user(request_rec *r) return DECLINED; } - /* Disable all caching within this location. */ - am_set_nocache(r); + /* Set defaut Cache-Control headers within this location */ + am_set_cache_control_headers(r); /* Check if this is a request for one of our endpoints. We check if * the uri starts with the path set with the MellonEndpointPath diff --git a/auth_mellon_util.c b/auth_mellon_util.c index c383d54..ad9e90a 100644 --- a/auth_mellon_util.c +++ b/auth_mellon_util.c @@ -391,9 +391,7 @@ int am_check_permissions(request_rec *r, am_cache_entry_t *session) return OK; } - -/* This function disables caching of the response to this request. It does - * this by setting the Pragme: no-cache and Cache-Control: no-cache headers. +/* This function sets default Cache-Control headers. * * Parameters: * request_rec *r The request we are handling. @@ -401,31 +399,21 @@ int am_check_permissions(request_rec *r, am_cache_entry_t *session) * Returns: * Nothing. */ -void am_set_nocache(request_rec *r) +void am_set_cache_control_headers(request_rec *r) { - const char *user_agent; - - /* Setting the headers inn err_headers_out ensures that they will be + /* Send Cache-Control header to ensure that: + * - no proxy in the path caches content inside this location (private), + * - user agent have to revalidate content on server (must-revalidate). + * + * But never prohibit specifically any user agent to cache or store content + * + * Setting the headers in err_headers_out ensures that they will be * sent for all responses. */ apr_table_setn(r->err_headers_out, - "Expires", "Thu, 01 Jan 1970 00:00:00 GMT"); - apr_table_setn(r->err_headers_out, - "Cache-Control", "private, must-revalidate"); - - /* - * Never use Cache-Control: no-cache for IE - */ - user_agent = apr_table_get(r->headers_in, "User-Agent"); - if ((user_agent == NULL) || - (strstr(user_agent, "compatible; MSIE ") == NULL) || - (strstr(user_agent, "Opera") != NULL)) { - apr_table_addn(r->err_headers_out, - "Cache-Control", "no-cache, no-store"); - } + "Cache-Control", "private, must-revalidate"); } - /* This function reads the post data for a request. * * The data is stored in a buffer allocated from the request pool. |