vidyuthd / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

SecurityWrapperResponse setStatus should not always set SC_OK #261

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
When HTTP 304 is returned from the underlying web application, SecurityWrapperResponse transforms this code to 200. This results in corrupted caching behavior in IE, Opera,...

Maybe some kind of logic like the one below would be better:

public void setStatus(int sc) {
    // Mask every status as 200 except the codes clients depend on
    // for redirects, caching and partial content.
    if (sc != SC_MOVED_PERMANENTLY
            && sc != SC_MOVED_TEMPORARILY
            && sc != SC_CONTINUE
            && sc != SC_CREATED
            && sc != SC_NO_CONTENT
            && sc != SC_NOT_MODIFIED
            && sc != SC_PARTIAL_CONTENT
            && sc != SC_TEMPORARY_REDIRECT) {
        getHttpServletResponse().setStatus(SC_OK);
    } else {
        // Pass the listed status codes through unchanged.
        getHttpServletResponse().setStatus(sc);
    }
}

Original issue reported on code.google.com by pavel.ro...@gmail.com on 11 Feb 2012 at 6:39
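
Added example, not part of the original issue and not ESAPI code: a simplified model of a conditional GET passing through a status-masking wrapper, showing why rewriting 304 to 200 replaces a cached page with an empty body. The class, the origin and the client cache are hypothetical; the pass-through codes are the numeric values of the constants listed in the issue.

```java
import java.util.Set;
import java.util.function.IntUnaryOperator;

/** Constructed model of a conditional GET through a status-masking wrapper. */
public class StatusMaskingDemo {
    // Numeric values of the SC_* constants in the condition proposed in the issue.
    static final Set<Integer> PASS_THROUGH = Set.of(100, 201, 204, 206, 301, 302, 304, 307);

    record Response(int status, String body) {}

    // Behaviour described in the issue: every status becomes 200.
    static int maskAll(int sc) {
        return 200;
    }

    // Proposed behaviour: keep the listed codes, mask everything else as 200.
    static int maskExceptAllowed(int sc) {
        return PASS_THROUGH.contains(sc) ? sc : 200;
    }

    // Hypothetical origin: answers 304 with no body when the validator matches.
    static Response origin(String ifNoneMatch) {
        return "\"v1\"".equals(ifNoneMatch)
                ? new Response(304, "")
                : new Response(200, "<html>page</html>");
    }

    // Hypothetical client cache: a 304 keeps the stored body, any 200 replaces it.
    static String revalidate(String cachedBody, IntUnaryOperator wrapper) {
        Response r = origin("\"v1\"");
        int statusSeenByClient = wrapper.applyAsInt(r.status());
        return statusSeenByClient == 304 ? cachedBody : r.body();
    }

    public static void main(String[] args) {
        String cached = "<html>page</html>";
        // The bodies are printed in brackets so an empty replacement is visible.
        System.out.println("mask all: [" + revalidate(cached, StatusMaskingDemo::maskAll) + "]");
        System.out.println("proposed: [" + revalidate(cached, StatusMaskingDemo::maskExceptAllowed) + "]");
        // Codes outside the list, such as a 500, are still reported as 200.
        System.out.println("500 seen as: " + maskExceptAllowed(500));
    }
}
```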