RH Bugzilla Integration commented on GTNPORTAL-3560:
----------------------------------------------------
Peter Palaga <ppalaga(a)redhat.com> changed the Status of [bug
Cache-control on the UI encodes too much
----------------------------------------
Key: GTNPORTAL-3560
URL: https://issues.jboss.org/browse/GTNPORTAL-3560
Project: GateIn Portal
Issue Type: Feature Request
Reporter: Juraci Paixão Kröhling
Assignee: Juraci Paixão Kröhling
Fix For: 3.9.0.Final, 3.8.9.Alpha02
The cache-control directive, when specified on the UI, gets too much encoding when being
set as a header. This means that it's not useful in its current state when more than
one parameter for the cache-control is set:
For instance, the string "no-cache, max-age=0, must-revalidate, no-store"
becomes this header:
{code}Cache-Control:no-cache%2C+max-age%3D0%2C+must-revalidate%2C+no-store{code}
The input should be sanitized only for new lines, to avoid an "HTTP Response
Splitting" attack.
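
The difference between the two treatments described in this report, as an added example that is not GateIn's own code: form-style URL encoding reproduces the broken header quoted above, while removing only CR and LF keeps the directives readable and still prevents the value from ending the header line. The class and method names are hypothetical, the use of `URLEncoder` is an assumption about how the over-encoding arises, and the second input is constructed for the demonstration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class CacheControlHeaderValue {

    // Over-encoding (assumed cause): form-style URL encoding escapes ',',
    // '=' and ' ', so clients can no longer parse the individual directives.
    static String urlEncoded(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, "UTF-8");
    }

    // Hypothetical sanitizer: drop only CR and LF, the characters that
    // would terminate the header line, and leave everything else untouched.
    static String stripLineBreaks(String value) {
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c != '\r' && c != '\n') {
                out.append(c);
            }
        }
        return out.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        // The value from the report.
        String configured = "no-cache, max-age=0, must-revalidate, no-store";
        // Constructed input: a value carrying a CRLF and a second header line.
        String withBreaks = "no-cache\r\nX-Injected: 1";

        // Encoded form: matches the unusable header shown in the report.
        System.out.println("Cache-Control:" + urlEncoded(configured));
        // Sanitized form: directives pass through unchanged.
        System.out.println("Cache-Control:" + stripLineBreaks(configured));
        // Sanitized form of the constructed input: stays on a single line.
        System.out.println("Cache-Control:" + stripLineBreaks(withBreaks));
    }
}
```

Rejecting a value that contains CR or LF, instead of silently stripping them, is an equally valid policy and makes misconfiguration visible to the administrator.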