[richfaces-issues] [JBoss JIRA] Created: (RF-9345) Richfaces HTTP Header Cache-Control settings, need 'public'
igor regis (JIRA)
jira-events at lists.jboss.org
Sat Sep 11 15:22:19 EDT 2010
Richfaces HTTP Header Cache-Control settings, need 'public'
-----------------------------------------------------------
Key: RF-9345
URL: https://jira.jboss.org/browse/RF-9345
Project: RichFaces
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: performance
Affects Versions: 3.3.3.Final, 3.3.3.CR1, 3.3.3.BETA1, 3.3.2.SR1, 3.3.2.GA, 3.3.2.CR1, 3.3.1
Environment: This issue affect any web browser according to w3c specification
Reporter: igor regis
If an application is running over https the web browser will only cache on disk, the Richfaces resources, if and only if, the Cache-control header (present on http header) has the value "public" on it. Otherwise the web browser will perform in memory cache, so when user restarts the browser the application will need to request all the resources again.
For applications running on corporative network, manipulating sensitive information, it's mandatory the use of a secure connection through https protocol, and form better performance is necessary for Richfaces to provide it's resources with this "public" mark on cache-control tag.
According the w3c specs (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1) Richfaces resources may be classified as public content with non individual information.
Here (https://community.jboss.org/thread/150732?tstart=0) there is a discussion about this issue, as well as the point on Richfaces source code that need to be changed.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the richfaces-issues
mailing list