[richfaces-issues] [JBoss JIRA] Updated: (RF-9345) Richfaces HTTP Header Cache-Control settings, need 'public'

Richfaces HTTP Header Cache-Control settings, need 'public' ----------------------------------------------------------- Key: RF-9345 URL: https://issues.jboss.org/browse/RF-9345 Project: RichFaces Issue Type: Feature Request Security Level: Public(Everyone can see) Components: optimization Affects Versions: 3.3.1, 3.3.2.CR1, 3.3.2.GA, 3.3.2.SR1, 3.3.3.BETA1, 3.3.3.CR1, 3.3.3.Final Environment: This issue affect any web browser according to w3c specification Reporter: igor regis Assignee: Nick Belaevski Fix For: 4.Next Attachments: RF-9345.patch If an application is running over https the web browser will only cache on disk, the Richfaces resources, if and only if, the Cache-control header (present on http header) has the value "public" on it. Otherwise the web browser will perform in memory cache, so when user restarts the browser the application will need to request all the resources again. For applications running on corporative network, manipulating sensitive information, it's mandatory the use of a secure connection through https protocol, and form better performance is necessary for Richfaces to provide it's resources with this "public" mark on cache-control tag. According the w3c specs (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1) Richfaces resources may be classified as public content with non individual information. Here (https://community.jboss.org/thread/150732?tstart=0) there is a discussion about this issue, as well as the point on Richfaces source code that need to be changed.