Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51712

Ensure cache control headers are sent even if request is secure.
Patch provided by Michael Zampani

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1162836 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index da01cc8..0eac4be 100644 (file)
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -476,7 +476,6 @@ public abstract class AuthenticatorBase extends ValveBase
         // Make sure that constrained resources are not cached by web proxies
         // or browsers as caching can provide a security hole
         if (constraints != null && disableProxyCaching && 
-            !request.isSecure() &&
             !"POST".equalsIgnoreCase(request.getMethod())) {
             if (securePagesWithPragma) {
                 // Note: These can cause problems with downloading files with IE