[
https://issues.apache.org/jira/browse/SHINDIG-1167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12753209#action_12753209
]
Richard Wallace commented on SHINDIG-1167:
------------------------------------------
I agree that they shouldn't be. But they are getting cached. I do not see
anywhere in the OAuthRequest#fetchData OAuth#sanitizeAndSign or any other
methods where the request is explicitly set to be non-cacheable.
> HttpCache ignores authorization headers
> ---------------------------------------
>
> Key: SHINDIG-1167
> URL: https://issues.apache.org/jira/browse/SHINDIG-1167
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 1.0
> Reporter: Richard Wallace
>
> HttpRequest Authorization headers are being ignored when deciding if the
> HttpRequest/HttpResponse is cacheable. This is causing a problem in gadgets
> that try and use makeRequest with the OAUTH_USE_TOKEN parameter set to
> 'if_available' and then later makes a request to the same web services with
> the OAUTH_USE_TOKEN set to 'always'. It should be respecting the
> Authorization header according to the [HTTP
> spec|http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.8].
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
