hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-13 13:03:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove security problem with returning last-modified headers when logged in

Browse Source 
git-svn-id: http://scm.dspace.org/svn/repo/trunk@2769 9c30dcfa-912a-0410-8fc2-9e0234be79fd
This commit is contained in:
Graham Triggs
2008-02-29 15:29:43 +00:00
parent be236dc6aa
commit 5152d0e65d
1 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/DSpaceObjectServlet.java
View File

@@ -73,6 +73,11 @@ public class DSpaceObjectServlet extends DSpaceServlet
{ {
Item item = (Item) dso; Item item = (Item) dso;
// Only use last-modified if this is an anonymous access
// - caching content that may be generated under authorisation
// is a security problem
if (context.getCurrentUser() == null)
{
response.setDateHeader("Last-Modified", item response.setDateHeader("Last-Modified", item
.getLastModified().getTime()); .getLastModified().getTime());
@@ -91,6 +96,12 @@ public class DSpaceObjectServlet extends DSpaceServlet
displayItem(context, request, response, item); displayItem(context, request, response, item);
} }
} }
else
{
// Display the item page
displayItem(context, request, response, item);
}
}
else if (dso.getType() == Constants.COLLECTION) else if (dso.getType() == Constants.COLLECTION)
{ {
Collection c = (Collection) dso; Collection c = (Collection) dso;