/**
* Flag to determine if we disable proxy caching with headers incompatible
- * with IE
+ * with IE.
*/
- protected boolean securePagesWithPragma = true;
+ protected boolean securePagesWithPragma = false;
/**
* The Java class name of the secure random number generator class to be
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
if (constraints != null && disableProxyCaching &&
- // FIXME: Disabled for Mozilla FORM support over SSL
- // (improper caching issue)
- //!request.isSecure() &&
+ !request.isSecure() &&
!"POST".equalsIgnoreCase(request.getMethod())) {
if (securePagesWithPragma) {
- // FIXME: These cause problems with downloading office docs
- // from IE under SSL and may not be needed for newer Mozilla
- // clients.
+ // Note: These can cause problems with downloading files with IE
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
} else {
<subsection name="Catalina">
<changelog>
<fix>
+ <bug>27122</bug>: Remove a workaround for a very old and since fixed
+ Mozilla bug and change the default value of the securePagesWithPragma
+ attribute of the Authenticator Valves to false. These changes should
+ reduce the likelihood of issues when downloading files with IE. (markt)
+ </fix>
+ <fix>
<bug>35054</bug>: Check that a file is not specified for a Host's
appBase and log an error if it is. (markt)
</fix>
caching issues in some browsers by using
<code>Cache-Control: private</code> rather than the default of
<code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
- If not set, the default value of <code>true</code> will be used.</p>
+ If not set, the default value of <code>false</code> will be used.</p>
</attribute>
<attribute name="secureRandomAlgorithm" required="false">
caching issues in some browsers by using
<code>Cache-Control: private</code> rather than the default of
<code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
- If not set, the default value of <code>true</code> will be used.</p>
+ If not set, the default value of <code>false</code> will be used.</p>
</attribute>
<attribute name="secureRandomAlgorithm" required="false">
caching issues in some browsers by using
<code>Cache-Control: private</code> rather than the default of
<code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
- If not set, the default value of <code>true</code> will be used.</p>
+ If not set, the default value of <code>false</code> will be used.</p>
</attribute>
<attribute name="secureRandomAlgorithm" required="false">
caching issues in some browsers by using
<code>Cache-Control: private</code> rather than the default of
<code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
- If not set, the default value of <code>true</code> will be used.</p>
+ If not set, the default value of <code>false</code> will be used.</p>
</attribute>
<attribute name="secureRandomAlgorithm" required="false">
caching issues in some browsers by using
<code>Cache-Control: private</code> rather than the default of
<code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
- If not set, the default value of <code>true</code> will be used.</p>
+ If not set, the default value of <code>false</code> will be used.</p>
</attribute>
<attribute name="secureRandomAlgorithm" required="false">
projects / tomcat7.0 / commitdiff