[richfaces-issues] [JBoss JIRA] Created: (RF-9345) Richfaces HTTP Header Cache-Control settings, need 'public'

[igor regis (JIRA)]

Richfaces HTTP Header Cache-Control settings, need 'public'
-----------------------------------------------------------

                 Key: RF-9345
                 URL: https://jira.jboss.org/browse/RF-9345
             Project: RichFaces
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: performance
    Affects Versions: 3.3.3.Final, 3.3.3.CR1, 3.3.3.BETA1, 3.3.2.SR1, 3.3.2.GA, 3.3.2.CR1, 3.3.1
         Environment: This issue affect any web browser according to w3c specification
            Reporter: igor regis


If an application is running over https the web browser will only cache on disk, the Richfaces resources, if and only if, the Cache-control header (present on http header) has the value "public" on it. Otherwise the web browser will perform in memory cache, so when user restarts the browser the application will need to request all the resources again.

For applications running on corporative network, manipulating sensitive information, it's mandatory the use of a secure connection through https protocol, and form better performance is necessary for Richfaces to provide it's resources with this "public" mark on cache-control tag.

According the w3c specs (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1) Richfaces resources may be classified as public content with non individual information.

Here (https://community.jboss.org/thread/150732?tstart=0) there is a discussion about this issue, as well as the point on Richfaces source code that need to be changed.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira