
ASP.net AppendHeader not working in ASP MVC

I'm having problems getting AppendHeader to work properly if I am also using an authorize filter. I'm using an action filter for my AJAX actions that applies Expires, Last-Modified, Cache-Control and Pragma (though while testing I have tried including it in the action method itself with no change in results).

If I don't have an authorize filter the headers work fine. Once I add the filter the headers I tried to add get stripped.

The headers I want to add

Response.AppendHeader("Expires", "Sun, 19 Nov 1978 05:00:00 GMT");
Response.AppendHeader("Last-Modified", String.Format("{0:r}", DateTime.Now));
Response.AppendHeader("Cache-Control", "no-store, no-cache, must-revalidate");
Response.AppendHeader("Cache-Control", "post-check=0, pre-check=0");
Response.AppendHeader("Pragma", "no-cache");

An example of the headers from a correct page:

Server ASP.NET Development Server/9.0.0.0
Date    Mon, 14 Jun 2010 17:22:24 GMT
X-AspNet-Version    2.0.50727
X-AspNetMvc-Version 2.0
Pragma  no-cache
Expires Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified   Mon, 14 Jun 2010 18:22:24 GMT
Cache-Control   no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type    text/html; charset=utf-8
Content-Length  352
Connection  Close

And from an incorrect page:

Server  ASP.NET Development Server/9.0.0.0
Date    Mon, 14 Jun 2010 17:27:34 GMT
X-AspNet-Version    2.0.50727
X-AspNetMvc-Version 2.0
Pragma  no-cache, no-cache
Cache-Control   private, s-maxage=0
Content-Type    text/html; charset=utf-8
Content-Length  4937
Connection  Close


To manage the output cache, you can use the OutputCache attribute on your action.

EDIT

If you look at the AuthorizeAttribute source code, you will see that it overrides the output cache policy, and the reason is given in the comments in this code:

if (AuthorizeCore(filterContext.HttpContext)) {
    // ** IMPORTANT **
    // Since we're performing authorization at the action level, the authorization code runs
    // after the output caching module. In the worst case this could allow an authorized user
    // to cause the page to be cached, then an unauthorized user would later be served the
    // cached page. We work around this by telling proxies not to cache the sensitive page,
    // then we hook our custom authorization code into the caching mechanism so that we have
    // the final say on whether a page should be served from the cache.

    HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
    cachePolicy.SetProxyMaxAge(new TimeSpan(0));
    cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);

    ...
}
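
An added example, not part of the original answer or of the ASP.NET MVC source: one way to request the same no-cache behaviour through the cache policy object that AuthorizeAttribute modifies, rather than through raw AppendHeader calls. NoCacheAttribute, ReportsController and Summary are hypothetical names, and the exact headers emitted should be confirmed in the browser's network view.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical filter (not part of ASP.NET MVC). It sets the caching directives
// through HttpCachePolicyBase, the same object AuthorizeAttribute touches with
// SetProxyMaxAge, instead of writing Cache-Control/Pragma as plain headers.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class NoCacheAttribute : ActionFilterAttribute
{
    // Result filters run after authorization filters, so these calls are made
    // after AuthorizeAttribute has already modified the cache policy.
    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;

        // Counterpart of "no-cache" in the question's Cache-Control header.
        cache.SetCacheability(HttpCacheability.NoCache);

        // Counterpart of "no-store": the response must not be written to any cache.
        cache.SetNoStore();

        // Counterpart of "must-revalidate", requested for all caches.
        cache.SetRevalidation(HttpCacheRevalidation.AllCaches);

        // The IE-specific directives from the question, appended to Cache-Control.
        cache.AppendCacheExtension("post-check=0, pre-check=0");

        base.OnResultExecuting(filterContext);
    }
}

// Hypothetical controller showing the filter combined with [Authorize].
public class ReportsController : Controller
{
    [Authorize]
    [NoCache]
    public ActionResult Summary()
    {
        // AJAX action returning sensitive, per-user content.
        return PartialView();
    }
}
```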