Issue
I have a vaadin 7 application to download a csv file. when I set the streamResource.setCacheTime(0);
Cache-Control: no-cache set in reponse header of the csv file.
but how to set no-store also in the response header of the resource. I just want to stop retaining my csv file in browser. so the attacker can not use it.
following method not works streamResource.getStream().setParameter("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
nor this one also
response.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
please help
Solution
streamResource.getStream().setParameter(...)
does not work because getStream()
creates a new instance every time it's invoked.
What you could do is to create a custom subclass of StreamResource
that overrides getStream()
to make further changes to the original stream before returning it, i.e. something like this:
public class NoStoreStreamResource extends StreamResource {
public NoStoreStreamResource(StreamSource streamSource, String filename) {
super(streamSource, filename);
}
@Override
public DownloadStream getStream() {
DownloadStream ds = super.getStream();
ds.setParameter("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
return ds;
}
}
Answered By - Leif Åstrand
Answer Checked By - David Marino (JavaFixing Volunteer)