无法使用 PreSendRequestHeaders() 覆盖 IIS 中的 http 缓存标头
历史:
出于安全考虑,我们的组织希望通过向 IIS 添加 HTTP 标头来禁用缓存。
过期:-1
编译指示:无缓存
缓存控制:无缓存、无存储
添加这些标头会导致 MIME“application/vnd.ms-excel”响应类型在 SSL 中进行故障转移IE6。 Microsoft 承认这是一个错误 (http://support.microsoft.com/kb/323308 )并且他们的解决方案也有效。然而,该解决方案必须作为补丁在整个组织中推广,并且面临更高管理层的阻力。
问题:
同时,我们正在尝试通过使用 PreSendRequestHeaders() 函数上的 HTTPModules 覆盖 IIS 设置 MIME 类型“application/vnd.ms-excel”页面的 HTTP 标头来寻找替代方案
//this is just a sample code
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += new EventHandler(context_PreSendRequestHeaders);
}
protected void context_PreSendRequestHeaders(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
if(application.Response.ContentType == "application/vnd.ms-excel; name=DataExport.xls")
{
application.Response.ClearHeaders();
application.Response.ContentType = "application/vnd.ms-excel; name=DataExport.xls";
application.Response.AddHeader("Content-Transfer", "Encoding: base64");
application.Response.AddHeader("Content-Disposition", "attachment;filename=DataExport.xls");
application.Response.AddHeader("cache-control","private");
}
}
即使使用 ClearHeaders() 清除标头后,IIS 仍会在发送响应之前附加缓存标头。
问题:
在 PreSendRequestHeaders() 函数中使用 ClearHeaders() 的这种方法是否错误? 他们是否有使用 ASP.NET 1.1 中可用的库来覆盖缓存标头(Expires、Pragma、cache-control)的替代方案?
其他:
我们正在使用
浏览器:IE6 SP 3
服务器:IIS 6
平台:.NET 1.1
History:
Due to security considerations, our organization wants to disable caching by adding HTTP Headers to IIS.
Expires: -1
Pragma: no-cache
Cache Control: No-cache, No-store
Adding these headers cause MIME "application/vnd.ms-excel" response types to fail over SSL in IE6. Microsoft ackowledges this is as a bug (http://support.microsoft.com/kb/323308) and their solution also works. However, this solution has to pushed as a patch throughout the entire organization and that faces resistance from higher management.
Problem:
Meanwhile, we are trying to find alternatives by overriding IIS set HTTP headers for pages that have MIME type "application/vnd.ms-excel" using HTTPModules on PreSendRequestHeaders() function
//this is just a sample code
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += new EventHandler(context_PreSendRequestHeaders);
}
protected void context_PreSendRequestHeaders(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
if(application.Response.ContentType == "application/vnd.ms-excel; name=DataExport.xls")
{
application.Response.ClearHeaders();
application.Response.ContentType = "application/vnd.ms-excel; name=DataExport.xls";
application.Response.AddHeader("Content-Transfer", "Encoding: base64");
application.Response.AddHeader("Content-Disposition", "attachment;filename=DataExport.xls");
application.Response.AddHeader("cache-control","private");
}
}
Even after clearing headers using ClearHeaders(), IIS still appends Cache Headers before sending the response.
Questions:
Is this approach of using ClearHeaders() in PreSendRequestHeaders() function wrong?
Are they any alternatives to override cache headers(Expires,Pragma,cache-control) using libraries available in ASP.NET 1.1?
Misc:
We are using
Browser : IE6 SP 3
Server : IIS 6
Platform : .NET 1.1
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在 IIS 7.5+ 中,使用 URL 重写扩展 并添加出站,这会变得更容易规则去除 Cache-Control 标头和 Pragma 标头中的“no-store”值。这个规则集可以解决问题:
This becomes easier with IIS 7.5+ using using the URL Rewrite extention and adding an outbound rule to strip off the "no-store" value in the Cache-Control header, and the Pragma header. This rule set would do the trick:
请参阅:
缓存-control: no-store, Must-revalidate not sent to client browser in IIS7 + ASP.NET MVC
您必须在 PreSendRequestHeaders 处理程序中使用以下调用序列才能正确设置无缓存标头,否则 Cache-Control 标头稍后会被覆盖:
Please see:
Cache-control: no-store, must-revalidate not sent to client browser in IIS7 + ASP.NET MVC
You must use the following sequence of calls inside your PreSendRequestHeaders handler to correctly set the no-cache headers, otherwise the Cache-Control header gets overwritten later: