hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-07 01:54:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove security problem with returning last-modified headers when logged in

Browse Source 
git-svn-id: http://scm.dspace.org/svn/repo/trunk@2769 9c30dcfa-912a-0410-8fc2-9e0234be79fd
This commit is contained in:
Graham Triggs
2008-02-29 15:29:43 +00:00
parent be236dc6aa
commit 5152d0e65d
1 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/DSpaceObjectServlet.java
View File

@@ -73,17 +73,28 @@ public class DSpaceObjectServlet extends DSpaceServlet
{
Item item = (Item) dso;
response.setDateHeader("Last-Modified", item
.getLastModified().getTime());
// Check for if-modified-since header
long modSince = request.getDateHeader("If-Modified-Since");
if (modSince != -1 && item.getLastModified().getTime() < modSince)
// Only use last-modified if this is an anonymous access
// - caching content that may be generated under authorisation
// is a security problem
if (context.getCurrentUser() == null)
{
// Item has not been modified since requested date,
// hence bitstream has not; return 304
response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
response.setDateHeader("Last-Modified", item
.getLastModified().getTime());
// Check for if-modified-since header
long modSince = request.getDateHeader("If-Modified-Since");
if (modSince != -1 && item.getLastModified().getTime() < modSince)
{
// Item has not been modified since requested date,
// hence bitstream has not; return 304
response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
}
else
{
// Display the item page
displayItem(context, request, response, item);
}
}
else
{