SEC-2331: Include Expires: 0 in xsd and appendix
This commit is contained in:
Rob Winch
parent
8fed90c26c
commit
8087cde628
|
|
@ -746,7 +746,7 @@ hsts-options.attlist &=
|
||||||
attribute request-matcher-ref { xsd:token }?
|
attribute request-matcher-ref { xsd:token }?
|
||||||
|
|
||||||
cache-control =
|
cache-control =
|
||||||
## Adds Cache-Control no-cache, no-store, must-revalidate and Pragma no-cache every URL
|
## Adds Cache-Control no-cache, no-store, must-revalidate, Pragma no-cache, and Expires 0 for every request
|
||||||
element cache-control {empty}
|
element cache-control {empty}
|
||||||
|
|
||||||
frame-options =
|
frame-options =
|
||||||
|
|
@ -818,4 +818,4 @@ position =
|
||||||
## The explicit position at which the custom-filter should be placed in the chain. Use if you are replacing a standard filter.
|
## The explicit position at which the custom-filter should be placed in the chain. Use if you are replacing a standard filter.
|
||||||
attribute position {named-security-filter}
|
attribute position {named-security-filter}
|
||||||
|
|
||||||
named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
|
named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
|
||||||
|
|
|
||||||
|
|
@ -2314,7 +2314,8 @@
|
||||||
</xs:attributeGroup>
|
</xs:attributeGroup>
|
||||||
<xs:element name="cache-control">
|
<xs:element name="cache-control">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
<xs:documentation>Adds Cache-Control no-cache, no-store, must-revalidate and Pragma no-cache every URL
|
<xs:documentation>Adds Cache-Control no-cache, no-store, must-revalidate, Pragma no-cache, and Expires 0 for
|
||||||
|
every request
|
||||||
</xs:documentation>
|
</xs:documentation>
|
||||||
</xs:annotation>
|
</xs:annotation>
|
||||||
<xs:complexType/>
|
<xs:complexType/>
|
||||||
|
|
|
||||||
|
|
@ -265,7 +265,7 @@
|
||||||
It enables easy configuration for several headers and also allows for setting custom headers through
|
It enables easy configuration for several headers and also allows for setting custom headers through
|
||||||
the <link linkend="nsa-header">header</link> element.
|
the <link linkend="nsa-header">header</link> element.
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem><literal>Cache-Control</literal> and <literal>Pragma</literal> - Can be set using the
|
<listitem><literal>Cache-Control</literal>, <literal>Pragma</literal>, and <literal>Expires</literal> - Can be set using the
|
||||||
<link linkend="nsa-cache-control">cache-control</link> element. This ensures that the
|
<link linkend="nsa-cache-control">cache-control</link> element. This ensures that the
|
||||||
browser does not cache your secured pages.</listitem>
|
browser does not cache your secured pages.</listitem>
|
||||||
<listitem><literal>Strict-Transport-Security</literal> - Can be set using the
|
<listitem><literal>Strict-Transport-Security</literal> - Can be set using the
|
||||||
|
|
@ -306,8 +306,8 @@
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="nsa-cache-control">
|
<section xml:id="nsa-cache-control">
|
||||||
<title><literal><cache-control></literal></title>
|
<title><literal><cache-control></literal></title>
|
||||||
<para>Adds <literal>Cache-Control</literal> and <literal>Pragma</literal> headers to ensure that the
|
<para>Adds <literal>Cache-Control</literal>, <literal>Pragma</literal>, and <literal>Expires</literal>
|
||||||
browser does not cache your secured pages.</para>
|
headers to ensure that the browser does not cache your secured pages.</para>
|
||||||
<section xml:id="nsa-cache-control-parents">
|
<section xml:id="nsa-cache-control-parents">
|
||||||
<title>Parent Elements of <literal><cache-control></literal></title>
|
<title>Parent Elements of <literal><cache-control></literal></title>
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
|
|
|
||||||
|
|
@ -642,7 +642,7 @@ List<OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
|
||||||
<http ...>
|
<http ...>
|
||||||
...
|
...
|
||||||
<headers>
|
<headers>
|
||||||
<!-- Add Cache-Control and Pragma headers -->
|
<!-- Add Cache-Control, Pragma, and Expires headers -->
|
||||||
<cache-control/>
|
<cache-control/>
|
||||||
<!-- Add X-Content-Type-Options with value of nosniff -->
|
<!-- Add X-Content-Type-Options with value of nosniff -->
|
||||||
<content-type-options/>
|
<content-type-options/>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue