*/
public void setContentLength(int len);
+ /**
+ * Sets all conceivable headers that might prevent a response from being
+ * stored in any caches.
+ *
+ * @since
+ */
+ public default void setNoCacheHeaders() {
+ // no-store to disallow storing even if cache would be revalidated
+ // must-revalidate to not use stored value even if someone asks for it
+ setHeader("Cache-Control",
+ "no-cache, no-store, must-revalidate");
+
+ // Also set legacy values in case of old proxies in between
+ setHeader("Pragma", "no-cache");
+ setHeader("Expires", "0");
+ }
+
/**
* Gets the currently processed Vaadin response. The current response is
* automatically defined when the request is started. The current response
SystemMessages ci = getSystemMessages(ServletPortletHelper
.findLocale(null, vaadinSession, request), request);
try {
- writeStringResponse(response,
+ writeUncachedStringResponse(response,
JsonConstants.JSON_CONTENT_TYPE,
createCriticalNotificationJSON(
ci.getInternalErrorCaption(),
* The response reference
* @param contentType
* The content type of the response
- * @param reponseString
+ * @param responseString
* The actual response
* @throws IOException
* If an error occurred while writing the response
*/
public void writeStringResponse(VaadinResponse response, String contentType,
- String reponseString) throws IOException {
+ String responseString) throws IOException {
response.setContentType(contentType);
final OutputStream out = response.getOutputStream();
try (PrintWriter outWriter = new PrintWriter(
new BufferedWriter(new OutputStreamWriter(out, UTF_8)))) {
- outWriter.print(reponseString);
+ outWriter.print(responseString);
}
}
+ /**
+ * Writes the given string as a response with headers to prevent caching and
+ * using the given content type.
+ *
+ * @param response
+ * The response reference
+ * @param contentType
+ * The content type of the response
+ * @param responseString
+ * The actual response
+ * @throws IOException
+ * If an error occurred while writing the response
+ * @since
+ */
+ public void writeUncachedStringResponse(VaadinResponse response,
+ String contentType, String responseString) throws IOException {
+ // Response might contain sensitive information, so prevent all forms of
+ // caching
+ response.setNoCacheHeaders();
+
+ writeStringResponse(response, contentType, responseString);
+ }
+
/**
* Called when the session has expired and the request handling is therefore
* aborted.
public void criticalNotification(VaadinRequest request,
VaadinResponse response, String caption, String message,
String details, String url) throws IOException {
- writeStringResponse(response, JsonConstants.JSON_CONTENT_TYPE,
+ writeUncachedStringResponse(response, JsonConstants.JSON_CONTENT_TYPE,
createCriticalNotificationJSON(caption, message, details, url));
}
SystemMessages systemMessages = getService().getSystemMessages(
ServletPortletHelper.findLocale(null, null, request),
request);
- getService().writeStringResponse(response,
+ getService().writeUncachedStringResponse(response,
JsonConstants.JSON_CONTENT_TYPE,
VaadinService.createCriticalNotificationJSON(
systemMessages.getCookiesDisabledCaption(),
if (ServletPortletHelper.isUIDLRequest(request)) {
String output = VaadinService.createCriticalNotificationJSON(
caption, message, details, url);
- getService().writeStringResponse(response,
+ getService().writeUncachedStringResponse(response,
JsonConstants.JSON_CONTENT_TYPE, output);
} else {
// Create an HTML reponse with the error
if (url != null) {
output += "</a>";
}
- getService().writeStringResponse(response,
+ getService().writeUncachedStringResponse(response,
ApplicationConstants.CONTENT_TYPE_TEXT_HTML_UTF_8, output);
}
}
// The response was produced without errors so write it to the client
response.setContentType(JsonConstants.JSON_CONTENT_TYPE);
- // Response might contain sensitive information, so prevent caching
- // no-store to disallow storing even if cache would be revalidated
- // must-revalidate to not use stored value even if someone asks for it
- response.setHeader("Cache-Control",
- "no-cache, no-store, must-revalidate");
-
- // Also set legacy values in case of old proxies in between
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Expires", "0");
+ // Response might contain sensitive information, so prevent all forms of
+ // caching
+ response.setNoCacheHeaders();
byte[] b = json.getBytes(UTF_8);
response.setContentLength(b.length);
session.addUI(ui);
if (initException != null) {
ui.getSession().getCommunicationManager()
- .handleConnectorRelatedException(ui, initException);
+ .handleConnectorRelatedException(ui, initException);
}
// Warn if the window can't be preserved
if (embedId == null
String seckey = session.getCsrfToken();
return "\"" + ApplicationConstants.UIDL_SECURITY_TOKEN_ID + "\":\""
- + seckey + "\",";
+ + seckey + "\",";
}
/**
SystemMessages systemMessages = service.getSystemMessages(
ServletPortletHelper.findLocale(null, null, request), request);
- service.writeStringResponse(response, JsonConstants.JSON_CONTENT_TYPE,
+ service.writeUncachedStringResponse(response,
+ JsonConstants.JSON_CONTENT_TYPE,
VaadinService.createCriticalNotificationJSON(
systemMessages.getSessionExpiredCaption(),
systemMessages.getSessionExpiredMessage(), null,
VaadinResponse response = VaadinService.getCurrentResponse();
try {
- service.writeStringResponse(response,
+ service.writeUncachedStringResponse(response,
JsonConstants.JSON_CONTENT_TYPE,
VaadinService.createCriticalNotificationJSON(caption,
message, details, url));
projects / vaadin-framework.git / commitdiff