Note: Most HTTP/1.0 caches will not recognize or obey this This allows an origin server to prevent the re-use ofĬertain header fields in a response, while still allowing caching Subsequent request without successful revalidation with the origin Specified field-name(s) MUST NOT be sent in the response to a Subject to any other restrictions on caching. Then a cache MAY use the response to satisfy a subsequent request, If the no-cache directive does specify one or more field-names, Have been configured to return stale responses to client requests. ThisĪllows an origin server to prevent caching even by caches that Without successful revalidation with the origin server. If the no-cache directive does not specify a field-name, then aĬache MUST NOT use the response to satisfy a subsequent request Here is a quote from the HTTP 1.1 specification describing the “no-cache” header: To register the phase listener, just add this to your faces-config.xml: Response.addHeader("Cache-Control", "must-revalidate") Response.addHeader("Cache-Control", "no-store") Stronger according to blog comment below that references HTTP spec Response.addHeader("Cache-Control", "no-cache") Response.addHeader("Pragma", "no-cache") HttpServletResponse response = (HttpServletResponse) facesContext Public void beforePhase(PhaseEvent event)įacesContext facesContext = event.getFacesContext() Public class CacheControlPhaseListener implements PhaseListener As some of the comments indicate, browsers are finicky, and of course, we never trust the browser, anyway, so using this technique is certainly not a security guarantee of any kind. You can turn it off with this simple phase listener.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |