From 5fa144193c0d5ed2022e576431a20beead2bfeb8 Mon Sep 17 00:00:00 2001
From: edler-san <19165931+edler-san@users.noreply.github.com>
Date: Thu, 2 May 2019 13:26:14 +0200
Subject: Changed the handleSessionExpired logic to return a 404 instead of a
 410 and added the no-cache parameter to the reply. (#11556)

* Changed the handleSessionExpired logic to return a 404 instead of a 410. Also added the no-cache parameter to the reply.
See https://github.com/vaadin/framework/issues/4417 for discussion.
---
 .../java/com/vaadin/server/communication/HeartbeatHandler.java   | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'server/src')

diff --git a/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java b/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java
index ed2faad05a..07ab402514 100644
--- a/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java
+++ b/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java
@@ -89,7 +89,14 @@ public class HeartbeatHandler extends SynchronizedRequestHandler
             return false;
         }
 
-        response.sendError(HttpServletResponse.SC_GONE, "Session expired");
+        // Ensure that the browser does not cache expired response.
+        // iOS 6 Safari requires this (#10370)
+        response.setHeader("Cache-Control", "no-cache");
+        // If Content-Type is not set, browsers assume text/html and may
+        // complain about the empty response body (#12182)
+        response.setHeader("Content-Type", "text/plain");
+
+        response.sendError(HttpServletResponse.SC_NOT_FOUND, "Session expired");
         return true;
     }
 }
-- 
cgit v1.2.3