From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Mon, 29 Aug 2011 14:40:27 +0000 (+0000)
Subject: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51712
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=b99f620517c6ec3b66d9bbff324e5cb7777cc98b;p=tomcat7.0

Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51712
Ensure cache control headers are sent even if request is secure.
Patch provided by Michael Zampani

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1162836 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index da01cc805..0eac4be44 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -476,7 +476,6 @@ public abstract class AuthenticatorBase extends ValveBase
         // Make sure that constrained resources are not cached by web proxies
         // or browsers as caching can provide a security hole
         if (constraints != null && disableProxyCaching && 
-            !request.isSecure() &&
             !"POST".equalsIgnoreCase(request.getMethod())) {
             if (securePagesWithPragma) {
                 // Note: These can cause problems with downloading files with IE