Ensure OpenID related responses aren't cached by proxies

We should never cache a reply coming from an OpenID related exchange as there may be a cookie header embedded in it. Signed-off-by: Shawn O. Pearce <sop@google.com>
2009-08-01 12:46:49 -07:00
parent 4f1ca7179b
commit daedeb4b19
1 changed files with 2 additions and 0 deletions
--- a/src/main/java/com/google/gerrit/server/rpc/OpenIdServiceImpl.java
+++ b/src/main/java/com/google/gerrit/server/rpc/OpenIdServiceImpl.java
@@ -219,6 +219,8 @@ class OpenIdServiceImpl implements OpenIdService {
      debugRequest(req);
    }

+    callFactory.get().noCache();
+
    final String openidMode = req.getParameter(OPENID_MODE);
    if (OMODE_CANCEL.equals(openidMode)) {
      cancel(req, rsp);