[
https://issues.apache.org/jira/browse/SHINDIG-1167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12752960#action_12752960
]
Kevin Brown commented on SHINDIG-1167:
--------------------------------------
I'm not sure I follow here. OAuth requests shouldn't be cached at all -- only
2-legged requests can be cached. Caching anything with an access token present
is problematic.
> HttpCache ignores authorization headers
> ---------------------------------------
>
> Key: SHINDIG-1167
> URL: https://issues.apache.org/jira/browse/SHINDIG-1167
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 1.0
> Reporter: Richard Wallace
>
> HttpRequest Authorization headers are being ignored when deciding if the
> HttpRequest/HttpResponse is cacheable. This is causing a problem in gadgets
> that try and use makeRequest with the OAUTH_USE_TOKEN parameter set to
> 'if_available' and then later makes a request to the same web services with
> the OAUTH_USE_TOKEN set to 'always'. It should be respecting the
> Authorization header according to the [HTTP
> spec|http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.8].
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
