Reset Expires header in WebContentGenerator when caching resources [SPR-14053]

[spring-projects-issues]

Manuel Bleichenbacher opened SPR-14053 and commented

When using Spring Security and setting a cache period for specific resource (see http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#headers-cache-control), inconsistent HTTP headers are issued as Spring security insert Expires: 0 and the Expires header is not reset.

The fix could probably be similar to #17843.

---

Affects: 4.2.5

Issue Links:

• Regression: ResourceHandlerRegistration setCachePeriod doesn't set the correct response header anymore [SPR-14005] #18577 Regression: ResourceHandlerRegistration setCachePeriod doesn't set the correct response header anymore
• Reset Pragma header in WebContentGenerator when caching resources [SPR-13252] #17843 Reset Pragma header in WebContentGenerator when caching resources
• Server-side HTTP caching improvements [SPR-11792] #16413 Server-side HTTP caching improvements

Referenced from: commits ed34ea4, 15fe827

0 votes, 5 watchers

[spring-projects-issues]

Juergen Hoeller commented

Yep, a key part of the motivation for that 4.2 revision was to avoid setting HTTP 1.0 headers. There is apparently some recent infrastructure out there which silently opts out of HTTP/2 if you set such outdated headers... And we're also celebrating 20 (!) years of HTTP 1.1 now; it's about time to only send HTTP 1.1 headers by default.

So from my perspective, the Expires header should simply not be set anymore. If we encounter it before we set our own Cache-Control value, we could simply remove it along the lines of what we do for Pragma in #17843: Although technically, we set Pragma to empty String there... I suppose primarily for Servlet 2.5 compatibility.

Juergen