Don't cache requests with `Accept: text/event-stream` by default.
The eventstream requests is typically not directly invoked by the browser. And even more unfortunately the Browser-Api doesn't allow the set additional headers as `XMLHttpRequest`..
This commit is contained in:
parent
29182abb34
commit
cc956a66df
|
@ -162,6 +162,7 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> exte
|
|||
matchers.add(notMatchingMediaType(http, MediaType.APPLICATION_JSON));
|
||||
matchers.add(notXRequestedWith);
|
||||
matchers.add(notMatchingMediaType(http, MediaType.MULTIPART_FORM_DATA));
|
||||
matchers.add(notMatchingMediaType(http, MediaType.TEXT_EVENT_STREAM));
|
||||
|
||||
return new AndRequestMatcher(matchers);
|
||||
}
|
||||
|
|
|
@ -183,6 +183,21 @@ public class RequestCacheConfigurerTests {
|
|||
|
||||
// This is desirable since XHR requests are typically not invoked directly from the browser and we don't want the browser to replay them
|
||||
}
|
||||
@Test
|
||||
public void getWhenBookmarkedRequestIsTextEventStreamThenPostAuthenticationRedirectsToRoot() throws Exception {
|
||||
this.spring.register(RequestCacheDefaultsConfig.class, DefaultSecurityConfig.class).autowire();
|
||||
|
||||
MockHttpSession session = (MockHttpSession)
|
||||
this.mvc.perform(get("/messages")
|
||||
.header(HttpHeaders.ACCEPT, MediaType.TEXT_EVENT_STREAM))
|
||||
.andExpect(redirectedUrl("http://localhost/login"))
|
||||
.andReturn().getRequest().getSession();
|
||||
|
||||
this.mvc.perform(formLogin(session))
|
||||
.andExpect(redirectedUrl("/")); // ignores text/event-stream
|
||||
|
||||
// This is desirable since event-stream requests are typically not invoked directly from the browser and we don't want the browser to replay them
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenBookmarkedRequestIsAllMediaTypeThenPostAuthenticationRemembers() throws Exception {
|
||||
|
|
Loading…
Reference in New Issue