Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cache Control disabled for 304

Browse Source 
Fixes: gh-5534
This commit is contained in:
Rob Winch 2018-07-17 22:13:33 -05:00
parent f0f678d61e
commit d468d7e6da
4 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
web/src/main/java/org/springframework/security/web/header/writers/CacheControlHeadersWriter.java
View File

@ -22,6 +22,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.security.web.header.Header; import org.springframework.security.web.header.Header;
import org.springframework.security.web.header.HeaderWriter; import org.springframework.security.web.header.HeaderWriter;
import org.springframework.util.ReflectionUtils; import org.springframework.util.ReflectionUtils;
@ -59,7 +60,7 @@ public final class CacheControlHeadersWriter implements HeaderWriter {
@Override @Override
public void writeHeaders(HttpServletRequest request, HttpServletResponse response) { public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
if (hasHeader(response, CACHE_CONTROL) || hasHeader(response, EXPIRES) if (hasHeader(response, CACHE_CONTROL) || hasHeader(response, EXPIRES)
|| hasHeader(response, PRAGMA)) { || hasHeader(response, PRAGMA) || response.getStatus() == HttpStatus.NOT_MODIFIED.value()) {
return; return;
} }
this.delegate.writeHeaders(request, response); this.delegate.writeHeaders(request, response);

4
web/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
View File

@ -16,6 +16,7 @@
package org.springframework.security.web.server.header; package org.springframework.security.web.server.header;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
@ -61,6 +62,9 @@ public class CacheControlServerHttpHeadersWriter implements ServerHttpHeadersWri
@Override @Override
public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) { public Mono<Void> writeHttpHeaders(ServerWebExchange exchange) {
if (exchange.getResponse().getStatusCode() == HttpStatus.NOT_MODIFIED) {
return Mono.empty();
}
return CACHE_HEADERS.writeHttpHeaders(exchange); return CACHE_HEADERS.writeHttpHeaders(exchange);
} }

11
web/src/test/java/org/springframework/security/web/header/writers/CacheControlHeadersWriterTests.java
View File

@ -23,6 +23,7 @@ import org.junit.runner.RunWith;
import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest; import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
import org.powermock.modules.junit4.PowerMockRunner; import org.powermock.modules.junit4.PowerMockRunner;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.util.ReflectionUtils; import org.springframework.util.ReflectionUtils;
@ -124,4 +125,14 @@ public class CacheControlHeadersWriterTests {
assertThat(this.response.getHeaderValue("Cache-Control")).isNull(); assertThat(this.response.getHeaderValue("Cache-Control")).isNull();
assertThat(this.response.getHeaderValue("Pragma")).isNull(); assertThat(this.response.getHeaderValue("Pragma")).isNull();
} }
@Test
// gh-5534
public void writeHeadersDisabledIfNotModified() {
this.response.setStatus(HttpStatus.NOT_MODIFIED.value());
this.writer.writeHeaders(this.request, this.response);
assertThat(this.response.getHeaderNames()).isEmpty();
}
} }

11
web/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
View File

@ -19,6 +19,7 @@ import static org.assertj.core.api.Assertions.assertThat;
import org.junit.Test; import org.junit.Test;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest; import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange; import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebExchange;
@ -83,4 +84,14 @@ public class CacheControlServerHttpHeadersWriterTests {
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(expires); assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(expires);
} }
@Test
// gh-5534
public void writeHeadersWhenNotModifiedThenNoCacheControlHeaders() {
exchange.getResponse().setStatusCode(HttpStatus.NOT_MODIFIED);
writer.writeHttpHeaders(exchange);
assertThat(headers).isEmpty();
}
} }