ASP.net AppendHeader无法在ASP MVC中运行

时间:2010-06-14 17:38:32

标签: asp.net asp.net-mvc http-headers

如果我还使用授权过滤器,我在使AppendHeader正常工作时遇到问题。我正在为我的AJAX操作使用一个actionfilter来应用Expires,Last-Modified,Cache-Control和Pragma(虽然测试时我已经尝试将它包含在action方法本身而不改变结果)。

如果我没有授权过滤器,则标题可以正常工作。一旦我添加过滤器,我尝试添加的标题就会被剥离。

我要添加的标题

Response.AppendHeader("Expires", "Sun, 19 Nov 1978 05:00:00 GMT");
Response.AppendHeader("Last-Modified", String.Format("{0:r}", DateTime.Now));
Response.AppendHeader("Cache-Control", "no-store, no-cache, must-revalidate");
Response.AppendHeader("Cache-Control", "post-check=0, pre-check=0");
Response.AppendHeader("Pragma", "no-cache");

来自正确页面的标题示例:

Server ASP.NET Development Server/9.0.0.0
Date    Mon, 14 Jun 2010 17:22:24 GMT
X-AspNet-Version    2.0.50727
X-AspNetMvc-Version 2.0
Pragma  no-cache
Expires Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified   Mon, 14 Jun 2010 18:22:24 GMT
Cache-Control   no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type    text/html; charset=utf-8
Content-Length  352
Connection  Close

来自错误的页面:

Server  ASP.NET Development Server/9.0.0.0
Date    Mon, 14 Jun 2010 17:27:34 GMT
X-AspNet-Version    2.0.50727
X-AspNetMvc-Version 2.0
Pragma  no-cache, no-cache
Cache-Control   private, s-maxage=0
Content-Type    text/html; charset=utf-8
Content-Length  4937
Connection  Close

1 个答案:

答案 0 :(得分:0)

要管理输出缓存,您可以在Action上使用OutputCache属性

修改

如果您正在查看AuthorizeAttribute源代码,您将看到它覆盖了输出缓存策略,原因在于此代码中的注释:

 if (AuthorizeCore(filterContext.HttpContext)) {
        // ** IMPORTANT **
        // Since we're performing authorization at the action level, the authorization code runs
        // after the output caching module. In the worst case this could allow an authorized user
        // to cause the page to be cached, then an unauthorized user would later be served the
        // cached page. We work around this by telling proxies not to cache the sensitive page,
        // then we hook our custom authorization code into the caching mechanism so that we have
        // the final say on whether a page should be served from the cache.

        HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
        cachePolicy.SetProxyMaxAge(new TimeSpan(0));
        cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);

...
}
相关问题
最新问题