Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reset Expires header in WebContentGenerator when caching resources [SPR-14053] #18625

Closed
spring-issuemaster opened this issue Mar 15, 2016 · 1 comment
Assignees
Milestone

Comments

@spring-issuemaster
Copy link
Collaborator

@spring-issuemaster spring-issuemaster commented Mar 15, 2016

Manuel Bleichenbacher opened SPR-14053 and commented

When using Spring Security and setting a cache period for specific resource (see http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#headers-cache-control), inconsistent HTTP headers are issued as Spring security insert Expires: 0 and the Expires header is not reset.

The fix could probably be similar to #17843.


Affects: 4.2.5

Issue Links:

  • #18577 Regression: ResourceHandlerRegistration setCachePeriod doesn't set the correct response header anymore
  • #17843 Reset Pragma header in WebContentGenerator when caching resources
  • #16413 Server-side HTTP caching improvements

Referenced from: commits ed34ea4, 15fe827

0 votes, 5 watchers

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

@spring-issuemaster spring-issuemaster commented Mar 16, 2016

Juergen Hoeller commented

Yep, a key part of the motivation for that 4.2 revision was to avoid setting HTTP 1.0 headers. There is apparently some recent infrastructure out there which silently opts out of HTTP/2 if you set such outdated headers... And we're also celebrating 20 (!) years of HTTP 1.1 now; it's about time to only send HTTP 1.1 headers by default.

So from my perspective, the Expires header should simply not be set anymore. If we encounter it before we set our own Cache-Control value, we could simply remove it along the lines of what we do for Pragma in #17843: Although technically, we set Pragma to empty String there... I suppose primarily for Servlet 2.5 compatibility.

Juergen

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.