[richfaces-issues] [JBoss JIRA] (RF-11888) Resource Servlet can't handle query string appended to resource url

Lukáš Fryč (JIRA) jira-events at lists.jboss.org
Fri Jan 27 07:09:49 EST 2012 

    [ https://issues.jboss.org/browse/RF-11888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12662404#comment-12662404 ] 

Lukáš Fryč commented on RF-11888:
---------------------------------

You certainly don't need to append version suffix for RichFaces pre-generated resources,

but for other resources served by ResourceServlet, you might want to.


We are limiting what query parameters can be appended to ResourceServlet managed requests since there are security implications when user could append whatever query param (like {{ln=*}}).

However I'm open to discuss addition of some safe attributes like {{v=*}}
which would enable us to use versions with custom resources served by ResourceServlet (refered to as "resource mapping" feature).
                
> Resource Servlet can't handle query string appended to resource url
> -------------------------------------------------------------------
>
>                 Key: RF-11888
>                 URL: https://issues.jboss.org/browse/RF-11888
>             Project: RichFaces
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: resource handling
>    Affects Versions: 4.1.0.Final
>         Environment: Glassfish 3.1.1 (NO Tomcat)/Mojarra 2.1.3 Chrome browser - 
>            Reporter: Brendan Healey
>            Assignee: Lukáš Fryč
>            Priority: Critical
>
> A custom resource handler (http://blogs.oracle.com/rlubke/entry/jsf_2_0_new_feature)
> can be used to append a version string (i.e. ?v=23) to a resource url to force a
> browser to refresh a resource rather than use any cached version.
> At present any appending of a version string causes a 404 response status, for example:
> Request URL:
> https://localhost:8181/MyApp/org.richfaces.resources/javax.faces.resource/org.richfaces.staticResource/4.1.0.Final/PackedCompressed/blueSky/packed/packed.css?v=23
> Removing the url parameter makes it work ok. As you can see I have resourceMapping
> enabled.
> This is essential to cause a browser to issue a request to the server if a static
> resource is held in a browser cache and is not expired, but you've upgraded the
> richfaces version. You have to have a way to invalidate the cache, and I'm not
> seeing how this can be done in a sensible way. You can set the Cache-Control
> no-cache header, but I'd need to do this in a way that says "I've just upgraded
> richfaces, so don't use the cache, issue a request to the server for the resource,
> but cache the result and use this until the next time".

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the richfaces-issues mailing list