/**
 * Writes the {@code Last-Modified} and {@code Expires} headers of the current response.
 * <p>
 * The advertised modification time is never earlier than the Gitblit boot date, which
 * helps ensure that pages are refreshed after a server config change.
 * {@code Expires} is set to the current time plus the {@code Keys.web.pageCacheExpires}
 * setting, interpreted as minutes (0 when the setting is absent).
 *
 * @param when the modification time to advertise; {@code null} leaves the response
 *             untouched
 */
protected final void setLastModified(Date when) {
    if (when == null) {
        return;
    }

    // Clamp to the boot date: a Last-Modified older than the running server would let a
    // client keep a copy rendered under the previous configuration.
    final Date bootDate = app().getBootDate();
    final Date lastModified = when.before(bootDate) ? bootDate : when;

    final int expiresMinutes = app().settings().getInteger(Keys.web.pageCacheExpires, 0);

    final WebResponse webResponse = (WebResponse) getResponse();
    webResponse.setLastModifiedTime(Time.valueOf(lastModified));

    // NOTE(review): a future Expires lets the browser reuse its stored copy without
    // contacting the server until that time. Any Cache-Control header is set by the
    // caller, not here, so keep pageCacheExpires short where workstations are shared.
    webResponse.setDateHeader(
            "Expires",
            System.currentTimeMillis() + Duration.minutes(expiresMinutes).getMilliseconds());
}
/**
 * Sets the response headers for this page: the canonical {@code Link} header, the
 * caching headers, and {@code X-Frame-Options}.
 * <p>
 * When {@code Keys.web.pageCacheExpires} is greater than zero the page is marked
 * {@code Cache-Control: private, must-revalidate} and {@code setLastModified()} is
 * called; otherwise the superclass (default Wicket) caching headers are used.
 * {@code X-Frame-Options: SAMEORIGIN} is written in both cases.
 *
 * @param response the response whose headers are written
 */
@Override
protected void setHeaders(WebResponse response) {
    // Advertise the canonical URL as an HTTP Link header for SEO (issue-304)
    // https://support.google.com/webmasters/answer/139394?hl=en
    // NOTE(review): getCanonicalUrl() is defined outside this block; confirm its value
    // cannot carry CR/LF taken from the request, since it is written into a header.
    final String canonicalLink =
            MessageFormat.format("<{0}>; rel=\"canonical\"", getCanonicalUrl());
    response.setHeader("Link", canonicalLink);

    final int expiresMinutes = app().settings().getInteger(Keys.web.pageCacheExpires, 0);
    if (expiresMinutes <= 0) {
        // Page caching is not configured: use default Wicket caching behavior.
        super.setHeaders(response);
    } else {
        // Pages are personalized for the authenticated user, so they must be marked
        // private to prohibit proxy servers from caching them. "private" does not
        // stop the user's own browser from storing the page.
        response.setHeader("Cache-Control", "private, must-revalidate");
        // No-arg overload, defined outside this block.
        setLastModified();
    }

    // Cross-frame (clickjacking) protection, issue-500 / ticket-166: only pages from the
    // same origin may embed this page in a frame. Written after the branch above so that
    // it is sent whichever caching path ran.
    // NOTE(review): current browsers also honour CSP "frame-ancestors"; whether a
    // Content-Security-Policy header is set elsewhere is not visible from here.
    response.setHeader("X-Frame-Options", "SAMEORIGIN");
}