ASP.net AppendHeader 无法在 ASP MVC 中工作

发布于 2024-09-05 19:11:30 字数 1316 浏览 1 评论 0原文

如果我还使用授权过滤器，那么我在使 AppendHeader 正常工作时遇到问题。我在 AJAX 操作中使用了一个 actionfilter，它应用了 Expires、Last-Modified、Cache-Control 和 Pragma（尽管在测试时我尝试将其包含在操作方法本身中，结果没有任何变化）。

如果我没有授权过滤器，则标头可以正常工作。添加过滤器后，我尝试添加的标头就会被删除。

我想要添加的标题

Response.AppendHeader("Expires", "Sun, 19 Nov 1978 05:00:00 GMT");
Response.AppendHeader("Last-Modified", String.Format("{0:r}", DateTime.Now));
Response.AppendHeader("Cache-Control", "no-store, no-cache, must-revalidate");
Response.AppendHeader("Cache-Control", "post-check=0, pre-check=0");
Response.AppendHeader("Pragma", "no-cache");

正确页面的标题示例：

Server ASP.NET Development Server/9.0.0.0
Date    Mon, 14 Jun 2010 17:22:24 GMT
X-AspNet-Version    2.0.50727
X-AspNetMvc-Version 2.0
Pragma  no-cache
Expires Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified   Mon, 14 Jun 2010 18:22:24 GMT
Cache-Control   no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type    text/html; charset=utf-8
Content-Length  352
Connection  Close

以及错误页面的标题示例：

Server  ASP.NET Development Server/9.0.0.0
Date    Mon, 14 Jun 2010 17:27:34 GMT
X-AspNet-Version    2.0.50727
X-AspNetMvc-Version 2.0
Pragma  no-cache, no-cache
Cache-Control   private, s-maxage=0
Content-Type    text/html; charset=utf-8
Content-Length  4937
Connection  Close

原文

I'm having problems getting AppendHeader to work properly if I am also using an authorize filter. I'm using an actionfilter for my AJAX actions that applies Expires, Last-Modified, Cache-Control and Pragma (though while testing I have tried including it in the action method itself with no change in results).

If I don't have an authorize filter the headers work fine. Once I add the filter the headers I tried to add get stripped.

The headers I want to add

Response.AppendHeader("Expires", "Sun, 19 Nov 1978 05:00:00 GMT");
Response.AppendHeader("Last-Modified", String.Format("{0:r}", DateTime.Now));
Response.AppendHeader("Cache-Control", "no-store, no-cache, must-revalidate");
Response.AppendHeader("Cache-Control", "post-check=0, pre-check=0");
Response.AppendHeader("Pragma", "no-cache");

An example of the headers from a correct page:

Server ASP.NET Development Server/9.0.0.0
Date    Mon, 14 Jun 2010 17:22:24 GMT
X-AspNet-Version    2.0.50727
X-AspNetMvc-Version 2.0
Pragma  no-cache
Expires Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified   Mon, 14 Jun 2010 18:22:24 GMT
Cache-Control   no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type    text/html; charset=utf-8
Content-Length  352
Connection  Close

And from an incorrect page:

Server  ASP.NET Development Server/9.0.0.0
Date    Mon, 14 Jun 2010 17:27:34 GMT
X-AspNet-Version    2.0.50727
X-AspNetMvc-Version 2.0
Pragma  no-cache, no-cache
Cache-Control   private, s-maxage=0
Content-Type    text/html; charset=utf-8
Content-Length  4937
Connection  Close

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

丶情人眼里出诗心の 2024-09-12 19:11:32

要管理输出缓存，您可以使用 OutputCache 属性操作

编辑

如果您正在查看 AuthorizeAttribute 源代码，您将看到它覆盖了输出缓存策略，原因在此代码的注释中：

 if (AuthorizeCore(filterContext.HttpContext)) {
        // ** IMPORTANT **
        // Since we're performing authorization at the action level, the authorization code runs
        // after the output caching module. In the worst case this could allow an authorized user
        // to cause the page to be cached, then an unauthorized user would later be served the
        // cached page. We work around this by telling proxies not to cache the sensitive page,
        // then we hook our custom authorization code into the caching mechanism so that we have
        // the final say on whether a page should be served from the cache.

        HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
        cachePolicy.SetProxyMaxAge(new TimeSpan(0));
        cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);

...
}

To manage the output cache you can use OutputCache attribute on your Action

EDIT

If you are looking to the AuthorizeAttribute source code, you will see it overrides the output cache policy and the reason is in comments in this code:

 if (AuthorizeCore(filterContext.HttpContext)) {
        // ** IMPORTANT **
        // Since we're performing authorization at the action level, the authorization code runs
        // after the output caching module. In the worst case this could allow an authorized user
        // to cause the page to be cached, then an unauthorized user would later be served the
        // cached page. We work around this by telling proxies not to cache the sensitive page,
        // then we hook our custom authorization code into the caching mechanism so that we have
        // the final say on whether a page should be served from the cache.

        HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
        cachePolicy.SetProxyMaxAge(new TimeSpan(0));
        cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);

...
}

回复收藏 0 原文

~没有更多了~