Beispiel #1
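  /**
   * Sets the Last-Modified and Expires response headers.
   *
   * @param when the modification date to report; ignored when null, and replaced by the
   *     application boot date when it is earlier than that date
   */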
  protected final void setLastModified(Date when) {
    if (when != null) {
      // Last-Modified is never reported as earlier than the Gitblit boot date,
      // so pages are refreshed after a server config change instead of being
      // revalidated against a stale timestamp.
      final Date bootDate = app().getBootDate();
      final Date lastModified = when.before(bootDate) ? bootDate : when;

      // Cache lifetime in minutes from the settings; the fallback is 0, which
      // makes the Expires value equal to the current time.
      final int expiresMinutes = app().settings().getInteger(Keys.web.pageCacheExpires, 0);
      final WebResponse webResponse = (WebResponse) getResponse();
      webResponse.setLastModifiedTime(Time.valueOf(lastModified));

      // This method writes only Last-Modified and Expires; no Cache-Control
      // directive (such as "private") is set here, so that is left to the caller.
      final long expiresAt =
          System.currentTimeMillis() + Duration.minutes(expiresMinutes).getMilliseconds();
      webResponse.setDateHeader("Expires", expiresAt);
    }
  }
Beispiel #2
  /**
   * Writes this page's response headers: the canonical Link header, the caching
   * headers selected by the page-cache setting, and the frame-embedding restriction.
   *
   * @param response the response the headers are written to
   */
  @Override
  protected void setHeaders(WebResponse response) {
    // Canonical link sent as an HTTP header for SEO (issue-304)
    // https://support.google.com/webmasters/answer/139394?hl=en
    // NOTE(review): the URL is placed in the header value without escaping here;
    // confirm getCanonicalUrl() cannot return CR/LF or '>' taken from the request.
    final String canonicalLink =
        MessageFormat.format("<{0}>; rel=\"canonical\"", getCanonicalUrl());
    response.setHeader("Link", canonicalLink);

    final int cacheMinutes = app().settings().getInteger(Keys.web.pageCacheExpires, 0);
    if (cacheMinutes <= 0) {
      // Page caching is not configured: keep the default Wicket caching behavior.
      super.setHeaders(response);
    } else {
      // Pages are personalized for the authenticated user, so they are marked
      // private to keep proxy servers (shared caches) from storing one user's
      // page and serving it to another.
      response.setHeader("Cache-Control", "private, must-revalidate");
      setLastModified();
    }

    // Clickjacking defense (issue-500 / ticket-166): only same-origin pages may
    // frame this page. Sent on both branches above.
    // NOTE(review): Content-Security-Policy "frame-ancestors" is the standardized
    // equivalent; consider sending it alongside this header.
    response.setHeader("X-Frame-Options", "SAMEORIGIN");
  }