Set no-store headers for error responses (#10628)
authorLeif Åstrand <legioth@gmail.com>
Tue, 13 Feb 2018 12:58:33 +0000 (14:58 +0200)
committerIlia Motornyi <elmot@vaadin.com>
Wed, 28 Feb 2018 09:55:15 +0000 (12:55 +0300)
server/src/main/java/com/vaadin/server/VaadinResponse.java
server/src/main/java/com/vaadin/server/VaadinService.java
server/src/main/java/com/vaadin/server/VaadinServlet.java
server/src/main/java/com/vaadin/server/communication/UIInitHandler.java
server/src/main/java/com/vaadin/server/communication/UidlRequestHandler.java
uitest/src/main/java/com/vaadin/tests/application/CriticalNotifications.java

index e3422d1d485cbb37d8971198f1e3b2b9878259af..7414b8d97ca1bb434cf6ade504c292d0d4536158 100644 (file)
@@ -185,6 +185,23 @@ public interface VaadinResponse extends Serializable {
      */
     public void setContentLength(int len);
 
+    /**
+     * Sets all conceivable headers that might prevent a response from being
+     * stored in any caches.
+     *
+     * @since
+     */
+    public default void setNoCacheHeaders() {
+        // no-store to disallow storing even if cache would be revalidated
+        // must-revalidate to not use stored value even if someone asks for it
+        setHeader("Cache-Control",
+                "no-cache, no-store, must-revalidate");
+
+        // Also set legacy values in case of old proxies in between
+        setHeader("Pragma", "no-cache");
+        setHeader("Expires", "0");
+    }
+
     /**
      * Gets the currently processed Vaadin response. The current response is
      * automatically defined when the request is started. The current response
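Review bot: The `@since` tag on the new `setNoCacheHeaders()` default method is empty; a public API addition should name the release it ships in before this is merged. The `Expires: 0` value also deserves a comment, since "0" is not an HTTP-date and the method only works because caches must treat an unparseable `Expires` as already expired, e.g. `// "0" is not a valid HTTP-date; caches treat an invalid Expires as already expired (RFC 7234 section 5.3)`. It is worth documenting in the Javadoc that the method must be called before any body is written, because on servlet containers headers set after the response is committed are typically discarded silently; that constraint is not visible from this hunk and should be confirmed against the `VaadinResponse` implementations.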
index 9b9c7fd91378fb2d8b6097924128066c5a5147ac..f995de0b5fefb8d345eb614c0db9017f86c01aa6 100644 (file)
@@ -1635,7 +1635,7 @@ public abstract class VaadinService implements Serializable {
                 SystemMessages ci = getSystemMessages(ServletPortletHelper
                         .findLocale(null, vaadinSession, request), request);
                 try {
-                    writeStringResponse(response,
+                    writeUncachedStringResponse(response,
                             JsonConstants.JSON_CONTENT_TYPE,
                             createCriticalNotificationJSON(
                                     ci.getInternalErrorCaption(),
@@ -1667,23 +1667,46 @@ public abstract class VaadinService implements Serializable {
      *            The response reference
      * @param contentType
      *            The content type of the response
-     * @param reponseString
+     * @param responseString
      *            The actual response
      * @throws IOException
      *             If an error occurred while writing the response
      */
     public void writeStringResponse(VaadinResponse response, String contentType,
-            String reponseString) throws IOException {
+            String responseString) throws IOException {
 
         response.setContentType(contentType);
 
         final OutputStream out = response.getOutputStream();
         try (PrintWriter outWriter = new PrintWriter(
                 new BufferedWriter(new OutputStreamWriter(out, UTF_8)))) {
-            outWriter.print(reponseString);
+            outWriter.print(responseString);
         }
     }
 
+    /**
+     * Writes the given string as a response with headers to prevent caching and
+     * using the given content type.
+     *
+     * @param response
+     *            The response reference
+     * @param contentType
+     *            The content type of the response
+     * @param responseString
+     *            The actual response
+     * @throws IOException
+     *             If an error occurred while writing the response
+     * @since
+     */
+    public void writeUncachedStringResponse(VaadinResponse response,
+            String contentType, String responseString) throws IOException {
+        // Response might contain sensitive information, so prevent all forms of
+        // caching
+        response.setNoCacheHeaders();
+
+        writeStringResponse(response, contentType, responseString);
+    }
+
     /**
      * Called when the session has expired and the request handling is therefore
      * aborted.
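Review bot: The `@since` tag on `writeUncachedStringResponse` is empty and should carry the release version, as for any new public method. The method correctly sets the headers before delegating to `writeStringResponse`, and a one-line comment there would stop a future refactor from reversing that order: `// headers must go out before the body is written, otherwise they are dropped once the response is committed`. Separately, the `@throws IOException` contract on `writeStringResponse` is only partly honoured because `PrintWriter.print` swallows write failures; consider `if (outWriter.checkError()) { throw new IOException("Failed to write response"); }` after the print so a truncated error response is not reported as success. The surrounding class continues outside this hunk.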
@@ -1802,7 +1825,7 @@ public abstract class VaadinService implements Serializable {
     public void criticalNotification(VaadinRequest request,
             VaadinResponse response, String caption, String message,
             String details, String url) throws IOException {
-        writeStringResponse(response, JsonConstants.JSON_CONTENT_TYPE,
+        writeUncachedStringResponse(response, JsonConstants.JSON_CONTENT_TYPE,
                 createCriticalNotificationJSON(caption, message, details, url));
     }
 
index 62bfeb02071172f76135abeec4568951994bc0c3..e9b30e9e87154497624f00beb88fa14536c6a128 100644 (file)
@@ -578,7 +578,7 @@ public class VaadinServlet extends HttpServlet implements Constants {
                 SystemMessages systemMessages = getService().getSystemMessages(
                         ServletPortletHelper.findLocale(null, null, request),
                         request);
-                getService().writeStringResponse(response,
+                getService().writeUncachedStringResponse(response,
                         JsonConstants.JSON_CONTENT_TYPE,
                         VaadinService.createCriticalNotificationJSON(
                                 systemMessages.getCookiesDisabledCaption(),
@@ -625,7 +625,7 @@ public class VaadinServlet extends HttpServlet implements Constants {
         if (ServletPortletHelper.isUIDLRequest(request)) {
             String output = VaadinService.createCriticalNotificationJSON(
                     caption, message, details, url);
-            getService().writeStringResponse(response,
+            getService().writeUncachedStringResponse(response,
                     JsonConstants.JSON_CONTENT_TYPE, output);
         } else {
             // Create an HTML reponse with the error
@@ -649,7 +649,7 @@ public class VaadinServlet extends HttpServlet implements Constants {
             if (url != null) {
                 output += "</a>";
             }
-            getService().writeStringResponse(response,
+            getService().writeUncachedStringResponse(response,
                     ApplicationConstants.CONTENT_TYPE_TEXT_HTML_UTF_8, output);
         }
     }
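Review bot: The HTML branch assembles the error page by string concatenation (`output += "</a>"`), and this hunk does not show whether `caption`, `message`, `details` and `url` are HTML-escaped where they are appended earlier in the method; please confirm that, since an unescaped value reflected into this page would be a script-injection vector regardless of the new no-store headers. If they are escaped, a short comment at the point of concatenation such as `// caption/message/details/url are HTML-escaped above` would make that invariant visible to the next reader. The enclosing method starts outside this hunk.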
index 12a04c1509630e2082deb0e6917a3773f2de0804..93356a15198e8998fc296bef65340172c72eb201 100644 (file)
@@ -109,15 +109,9 @@ public abstract class UIInitHandler extends SynchronizedRequestHandler {
         // The response was produced without errors so write it to the client
         response.setContentType(JsonConstants.JSON_CONTENT_TYPE);
 
-        // Response might contain sensitive information, so prevent caching
-        // no-store to disallow storing even if cache would be revalidated
-        // must-revalidate to not use stored value even if someone asks for it
-        response.setHeader("Cache-Control",
-                "no-cache, no-store, must-revalidate");
-
-        // Also set legacy values in case of old proxies in between
-        response.setHeader("Pragma", "no-cache");
-        response.setHeader("Expires", "0");
+        // Response might contain sensitive information, so prevent all forms of
+        // caching
+        response.setNoCacheHeaders();
 
         byte[] b = json.getBytes(UTF_8);
         response.setContentLength(b.length);
@@ -228,7 +222,7 @@ public abstract class UIInitHandler extends SynchronizedRequestHandler {
         session.addUI(ui);
         if (initException != null) {
             ui.getSession().getCommunicationManager()
-                    .handleConnectorRelatedException(ui, initException);
+            .handleConnectorRelatedException(ui, initException);
         }
         // Warn if the window can't be preserved
         if (embedId == null
@@ -316,7 +310,7 @@ public abstract class UIInitHandler extends SynchronizedRequestHandler {
         String seckey = session.getCsrfToken();
 
         return "\"" + ApplicationConstants.UIDL_SECURITY_TOKEN_ID + "\":\""
-                + seckey + "\",";
+        + seckey + "\",";
     }
 
     /**
index 3aedcd2472126498c0a50809fa31db30d0869265..e7fabf752e45c970e19a964a5725aa6a867c8c8e 100644 (file)
@@ -164,7 +164,8 @@ public class UidlRequestHandler extends SynchronizedRequestHandler
         SystemMessages systemMessages = service.getSystemMessages(
                 ServletPortletHelper.findLocale(null, null, request), request);
 
-        service.writeStringResponse(response, JsonConstants.JSON_CONTENT_TYPE,
+        service.writeUncachedStringResponse(response,
+                JsonConstants.JSON_CONTENT_TYPE,
                 VaadinService.createCriticalNotificationJSON(
                         systemMessages.getSessionExpiredCaption(),
                         systemMessages.getSessionExpiredMessage(), null,
index b0e88b102b13d99b923f31af744b942aacd7da62..792043eae05839f9be618b4a4f55c86be5360f61 100644 (file)
@@ -96,7 +96,7 @@ public class CriticalNotifications extends AbstractReindeerTestUI {
         VaadinResponse response = VaadinService.getCurrentResponse();
 
         try {
-            service.writeStringResponse(response,
+            service.writeUncachedStringResponse(response,
                     JsonConstants.JSON_CONTENT_TYPE,
                     VaadinService.createCriticalNotificationJSON(caption,
                             message, details, url));