
SEC-2331: Include Expires: 0 in xsd and appendix

Rob Winch 12 years ago
parent
commit
8087cde628

+ 2 - 2
config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc

@@ -746,7 +746,7 @@ hsts-options.attlist &=
     attribute request-matcher-ref { xsd:token }?
 
 cache-control =
-    ## Adds Cache-Control no-cache, no-store, must-revalidate and Pragma no-cache every URL
+    ## Adds Cache-Control no-cache, no-store, must-revalidate, Pragma no-cache, and Expires 0 for every request
     element cache-control {empty}
 
 frame-options =
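Review bot: The new `##` annotation on `cache-control` runs header names and directive values together in one comma-separated list, so a reader cannot tell where the Cache-Control value ends and the next header begins. It also says "for every request", although these headers are written on responses. Someone checking a deployment against this text needs the exact header lines, so I would write `## Adds Cache-Control: no-cache, no-store, must-revalidate; Pragma: no-cache; and Expires: 0 to every response`. The same sentence appears in the `xs:documentation` of `cache-control` in spring-security-3.2.xsd and should be changed with it.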
@@ -818,4 +818,4 @@ position =
     ## The explicit position at which the custom-filter should be placed in the chain. Use if you are replacing a standard filter.
     attribute position {named-security-filter}
 
-named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
+named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "WEB_ASYNC_MANAGER_FILTER" | "HEADERS_FILTER" | "CSRF_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" | "DIGEST_AUTH_FILTER" | "BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"

+ 2 - 1
config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd

@@ -2314,7 +2314,8 @@
   </xs:attributeGroup>
   <xs:element name="cache-control">
       <xs:annotation>
-         <xs:documentation>Adds Cache-Control no-cache, no-store, must-revalidate and Pragma no-cache every URL
+         <xs:documentation>Adds Cache-Control no-cache, no-store, must-revalidate, Pragma no-cache, and Expires 0 for
+                every request
                 </xs:documentation>
       </xs:annotation>
       <xs:complexType/>

+ 3 - 3
docs/manual/src/docbook/appendix-namespace.xml

@@ -265,7 +265,7 @@
                 It enables easy configuration for several headers and also allows for setting custom headers through
                 the <link linkend="nsa-header">header</link> element.
                 <itemizedlist>
-                    <listitem><literal>Cache-Control</literal> and <literal>Pragma</literal> - Can be set using the
+                    <listitem><literal>Cache-Control</literal>, <literal>Pragma</literal>, and <literal>Expires</literal> - Can be set using the
                         <link linkend="nsa-cache-control">cache-control</link> element. This ensures that the
                         browser does not cache your secured pages.</listitem>
                     <listitem><literal>Strict-Transport-Security</literal> - Can be set using the
@@ -306,8 +306,8 @@
         </section>
         <section xml:id="nsa-cache-control">
             <title><literal>&lt;cache-control&gt;</literal></title>
-            <para>Adds <literal>Cache-Control</literal> and <literal>Pragma</literal> headers to ensure that the
-                browser does not cache your secured pages.</para>
+            <para>Adds <literal>Cache-Control</literal>, <literal>Pragma</literal>, and <literal>Expires</literal>
+                headers to ensure that the browser does not cache your secured pages.</para>
             <section xml:id="nsa-cache-control-parents">
                 <title>Parent Elements of <literal>&lt;cache-control&gt;</literal></title>
                 <itemizedlist>

+ 1 - 1
docs/manual/src/docbook/namespace-config.xml

@@ -642,7 +642,7 @@ List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
 <http ...>
     ...
     <headers>
-        <!-- Add Cache-Control and Pragma headers -->
+        <!-- Add Cache-Control, Pragma, and Expires headers -->
         <cache-control/>
         <!-- Add X-Content-Type-Options with value of nosniff -->
         <content-type-options/>