diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
index 55aa4e1736..090a83f6e4 100644
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
@@ -79,6 +79,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
 'Pragma':'no-cache',
+ 'Expires' : '0',
 'X-XSS-Protection' : '1; mode=block']
 }
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
index 5af8dd9401..4b308733ee 100644
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
@@ -49,6 +49,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
 'X-Frame-Options':'DENY',
 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
+ 'Expires' : '0',
 'Pragma':'no-cache',
 'X-XSS-Protection' : '1; mode=block']
 }
@@ -128,6 +129,7 @@ class HeadersConfigurerTests extends BaseSpringSpec {
 springSecurityFilterChain.doFilter(request,response,chain)
 then:
 responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
+ 'Expires' : '0',
 'Pragma':'no-cache']
 }
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy
index fdffc74922..5a99e30906 100644
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.groovy
@@ -49,6 +49,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
 'Pragma':'no-cache',
+ 'Expires' : '0',
 'X-XSS-Protection' : '1; mode=block']
 }
@@ -69,6 +70,7 @@ public class NamespaceHttpHeadersTests extends BaseSpringSpec {
 springSecurityFilterChain.doFilter(request,response,chain)
 then:
 responseHeaders == ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
+ 'Expires' : '0',
 'Pragma':'no-cache']
 }
diff --git a/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
index f71350a8ef..29501311c4 100644
--- a/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
@@ -54,6 +54,7 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
 'X-Frame-Options':'DENY',
 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains',
 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
+ 'Expires' : '0',
 'Pragma':'no-cache',
 'X-XSS-Protection' : '1; mode=block'])
 }
@@ -332,7 +333,9 @@ class HttpHeadersConfigTests extends AbstractHttpConfigTests {
 when:
 springSecurityFilterChain.doFilter(new MockHttpServletRequest(), response, new MockFilterChain())
 then:
- assertHeaders(response, ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate','Pragma':'no-cache'])
+ assertHeaders(response, ['Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
+ 'Expires' : '0',
+ 'Pragma':'no-cache'])
 }
 def 'http headers hsts'() {
diff --git a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
index 0699351a54..5c61994e1b 100644
--- a/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
@@ -44,6 +44,7 @@ public final class CacheControlHeadersWriter extends StaticHeadersWriter {
 List
headers = new ArrayList
(2);
 headers.add(new Header("Cache-Control","no-cache, no-store, max-age=0, must-revalidate"));
 headers.add(new Header("Pragma","no-cache"));
+ headers.add(new Header("Expires","0"));
 return headers;
 }
 }
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
index 71df5c060a..7678bae5a0 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
@@ -47,8 +47,9 @@ public class CacheControlHeadersWriterTests {
 public void writeHeaders() {
 writer.writeHeaders(request, response);
- assertThat(response.getHeaderNames().size()).isEqualTo(2);
+ assertThat(response.getHeaderNames().size()).isEqualTo(3);
 assertThat(response.getHeaderValues("Cache-Control")).isEqualTo(Arrays.asList("no-cache, no-store, max-age=0, must-revalidate"));
 assertThat(response.getHeaderValues("Pragma")).isEqualTo(Arrays.asList("no-cache"));
+ assertThat(response.getHeaderValues("Expires")).isEqualTo(Arrays.asList("0"));
 }
 }
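Review bot: In the CacheControlHeadersWriter.java hunk the list is still created with an initial capacity of `2` although three headers are now added, so the size hint is stale and should become `3`. The new `Expires` line also carries no explanation of why the value is `0`, which is not a valid HTTP-date; a comment such as `// "0" is an invalid date, which caches must treat as already expired; covers HTTP/1.0 caches that ignore Cache-Control` would keep a later maintainer from "fixing" it into a real timestamp. The enclosing method and the class Javadoc start outside the hunk, so if the Javadoc lists the headers this writer emits it presumably needs `Expires` added as well.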