  1. RESTEasy
  2. RESTEASY-790

RESTeasy Cache is not honoring Authorization and Cache-Control headers

    Details

      Description

      According to RFC 2616 Sec 14.8 a cache should not cache responses to requests with an 'Authorization' Header unless specific rules apply.

      This is not the case with RESTeasy. It can be verified by issuing a GET on a resource /foo and then issuing the same GET on /foo with 'Authorization':'bar' as the header. The second response MUST be processed by the origin server and ignored by the cache.

      The same should happen when 'Cache-Control' is set to 'No-Cache'.

              People

              • Assignee:
                bill.burke Bill Burke
                Reporter:
                felipesere Felipe Sere
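The request sequence from the description, as an added example (not RESTEasy code and not part of the original report): a toy shared cache in Python in front of a constructed origin server that counts how often it is reached. `SharedCache`, `Origin` and `origin_hits` are hypothetical names; with `honor_request_headers=False` the cache is keyed on the path only, and with `True` it bypasses on `Authorization` and on request `Cache-Control: no-cache` and applies the storage exceptions of RFC 2616 Sec 14.8.

```python
# Added example: toy shared cache with a constructed origin, not RESTEasy code.
from dataclasses import dataclass, field

@dataclass
class Response:
    body: str
    headers: dict = field(default_factory=dict)

class Origin:
    """Constructed origin server that counts how often it is reached."""
    def __init__(self):
        self.hits = 0
    def handle(self, path, headers):
        self.hits += 1
        user = headers.get("authorization", "anonymous")
        return Response(f"{path} for {user} #{self.hits}", {"cache-control": "max-age=60"})

def directives(headers):
    """Parse Cache-Control into a set of lowercase directive names."""
    raw = headers.get("cache-control", "")
    return {d.split("=")[0].strip().lower() for d in raw.split(",") if d.strip()}

class SharedCache:
    def __init__(self, origin, honor_request_headers):
        self.origin, self.honor, self.store = origin, honor_request_headers, {}

    def get(self, path, headers=None):
        headers = {k.lower(): v for k, v in (headers or {}).items()}
        authorized = "authorization" in headers
        bypass = self.honor and (authorized or "no-cache" in directives(headers))
        if not bypass and path in self.store:
            return self.store[path]  # served from cache, origin not contacted
        resp = self.origin.handle(path, headers)
        # RFC 2616 14.8 exceptions: a response to an authorized request may be
        # stored only if it carries s-maxage, must-revalidate or public.
        storable = not (self.honor and authorized) or bool(
            directives(resp.headers) & {"s-maxage", "must-revalidate", "public"})
        if storable:
            self.store[path] = resp
        return resp

def origin_hits(honor):
    """Replay the report's sequence; return how many requests reached the origin."""
    origin = Origin()
    cache = SharedCache(origin, honor)
    cache.get("/foo")                                  # fills the cache
    cache.get("/foo", {"Authorization": "bar"})        # must reach the origin
    cache.get("/foo", {"Cache-Control": "No-Cache"})   # must reach the origin
    cache.get("/foo")                                  # may be served from cache
    return origin.hits
```

The origin hit count is the observable to assert on in a regression test: a count of 1 for this sequence means the cache answered the `Authorization` and `No-Cache` requests itself.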