Reset Expires header in WebContentGenerator when caching resources [SPR-14053] #18625
When using Spring Security and setting a cache period for specific resource (see http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#headers-cache-control), inconsistent HTTP headers are issued as Spring security insert
The fix could probably be similar to #17843.
0 votes, 5 watchers
Juergen Hoeller commented
Yep, a key part of the motivation for that 4.2 revision was to avoid setting HTTP 1.0 headers. There is apparently some recent infrastructure out there which silently opts out of HTTP/2 if you set such outdated headers... And we're also celebrating 20 (!) years of HTTP 1.1 now; it's about time to only send HTTP 1.1 headers by default.
So from my perspective, the Expires header should simply not be set anymore. If we encounter it before we set our own Cache-Control value, we could simply remove it along the lines of what we do for Pragma in #17843: Although technically, we set Pragma to empty String there... I suppose primarily for Servlet 2.5 compatibility.