diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java index 9ae1d030e6..9dfd2f24a1 100644 --- a/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java +++ b/web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java @@ -15,28 +15,19 @@ package org.springframework.security.web.savedrequest; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Enumeration; -import java.util.List; -import java.util.Locale; -import java.util.Map; -import java.util.TreeMap; - -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.security.web.PortResolver; -import org.springframework.security.web.WebAttributes; import org.springframework.security.web.util.UrlUtils; import org.springframework.util.Assert; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import java.util.*; + /** - * Represents central information from a HttpServletRequest. + * Represents central information from a {@code HttpServletRequest}. *

* This class is used by {@link org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter} * and {@link org.springframework.security.web.savedrequest.SavedRequestAwareWrapper} to @@ -51,6 +42,7 @@ import org.springframework.util.Assert; * @author Craig McClanahan * @author Andrey Grebnev * @author Ben Alex + * @author Luke Taylor */ public class DefaultSavedRequest implements SavedRequest { //~ Static fields/initializers ===================================================================================== @@ -58,6 +50,7 @@ public class DefaultSavedRequest implements SavedRequest { protected static final Log logger = LogFactory.getLog(DefaultSavedRequest.class); private static final String HEADER_IF_NONE_MATCH = "If-None-Match"; + private static final String HEADER_IF_MODIFIED_SINCE = "If-Modified-Since"; //~ Instance fields ================================================================================================ @@ -97,8 +90,8 @@ public class DefaultSavedRequest implements SavedRequest { while (names.hasMoreElements()) { String name = names.nextElement(); - // Skip If-None-Match header. SEC-1412. - if (HEADER_IF_NONE_MATCH.equalsIgnoreCase(name)) { + // Skip If-Modified-Since and If-None-Match header. SEC-1412, SEC-1624. + if (HEADER_IF_MODIFIED_SINCE.equalsIgnoreCase(name) || HEADER_IF_NONE_MATCH.equalsIgnoreCase(name)) { continue; } Enumeration values = request.getHeaders(name);
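Review bot: The first hunk replaces the eight explicit `java.util` imports with `import java.util.*;`, which hides which collection types this class depends on. With an on-demand import, a type added later to this package under the same simple name would take precedence without any change to this file. Keeping single-type imports for whichever of `ArrayList`, `Collection`, `Collections`, `Enumeration`, `List`, `Locale`, `Map` and `TreeMap` are still used would also reduce this hunk to the `WebAttributes` removal and the `{@code}` Javadoc fix. Moving the `javax.servlet` imports below the `org.*` ones looks like an IDE default, so it is worth checking against the project's import order.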
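Review bot: The new comment in the header-copy loop (last hunk) cites only the issue keys and does not say why the two conditional headers are dropped. The class Javadoc names `SavedRequestAwareWrapper` as a consumer, so the saved headers appear to be replayed once the user has authenticated. A line such as `// Conditional headers are not saved: replayed after login they could yield a 304 for content the client never received. SEC-1412, SEC-1624.` would keep the reason next to the check; presumably that is the failure both issues describe. `If-Match`, `If-Unmodified-Since` and `If-Range` are still copied, and if they should be treated the same way, a case-insensitive set tested with `contains(name)` would scale better than extending the `||` chain. The enclosing method or constructor starts and ends outside this hunk, and no test for the new header is visible in this part of the diff.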