Thanks Sergey. The setNoCache(false) did not work for me. Also avoiding setting the cache-control header still raised no-cache received on client side. I'll try using the HttpServletResponse... Though, hoped to find a simpler way :-)
T. -----Original Message----- From: Sergey Beryozkin [mailto:[email protected]] Sent: Monday, February 14, 2011 3:22 PM To: [email protected] Subject: Re: REST response over https - no-cache always set I run the jaxrs https test locally, without explicitly setting Cache-Control no such header is returned and if I call setNoCache(false): CacheControl control = new CacheControl(); control.setNoCache(false); return Response.ok().cacheControl(control).entity(doGetBook(id)).build(); then the client code shows that no 'no-cache' value is present in the Cache-Control header. But the test is using the emdedded Jetty. Thus it seems like the servlet container that you use forces this value. I'm looking at http://stackoverflow.com/questions/3788766/forcing-no-cache-for-internet-explorer-over-https-with-http-response-headers I guess what you can try to do is to have @Context HttpServletResponse response; injected and then do response.reset() before continuing using Response, just to verify it works. If it does then you may consider coding against the injected HttpServletResponse only. I'd also consider not injecting HttpServletResponse and instead creating a custom Servlet filter which would only do response.reset() before delegating further. Let me know if it helps Sergey On Mon, Feb 14, 2011 at 12:46 PM, Sergey Beryozkin <[email protected]> wrote: > Hi > > Sorry for a delay... > > On Mon, Feb 14, 2011 at 8:10 AM, Tamar Furman (tfurman) > <[email protected]> wrote: >> Hi - >> >> I'm straggling this problem for several days and will appreciate any >> help. >> >> I'm using CXF 2.2.6 providing REST services over https. I have the >> following problem with download function via rest. The method returns >> ws.rs.Response and encapsulates in the content a download file. All >> works nice with Firefox but fails on IE8. There is a known bug on IE8 >> that requires that such https response avoid 'no-cache' header. >> However no matter how I build the response header it seams that the >> ResponseBuilder puts in the 'no-cache' one and I can't get rid of it. >> >> Here is a snip of my code: >> >> CacheControl cc = new CacheControl(); >> cc.setNoStore(true); >> cc.setNoCache(false); >> Response res = Response.ok(file). >> type("application/octet"). >> cacheControl(cc). >> header("Content-Disposition", >> "attachment; filename=" + fileName). >> >> header("Content-Length:",Long.toString(file.length())). >> build(); >> >> >> >> also tried: >> header("Cache-Control", "no-store"). >> header("Cache-Control", "private, max-age=1"). >> header("Pragma", "no-store"). >> >> >> >> No matter what, I always see the following headers return to the client: >> >> Pragma No-cache >> Cache-Control no-cache, no-store;no-transform >> >> Any idea how can I solve this with this cxf ResponseBuilder? >> > > What happens if you do not use the CacheControl utility at all ? > > I'm wondering, is it the underlying HTTPS implementation that forces > the 'no-cache' value ? > > Cheers, Sergey > >> Thanks, >> T. >> >
