Glassfish 3.1.2, Mojarra 2.1.6, SSL activated
I have an question about static resource caching. I´ve read some posts about this but I´m not sure which options we should use. This
https://developers.google.com/speed/docs/best-practices/caching
is also an good article about resource caching. Within our application server SSL is activated. We see that static resources (images, scripts, css) are not cached.
Here is my test filter:
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String uri = httpRequest.getRequestURI();
if (GET_METHOD.equalsIgnoreCase(httpRequest.getMethod()) && uri.contains(ResourceHandler.RESOURCE_IDENTIFIER)) {
httpResponse.setDateHeader("Expires", System.currentTimeMillis() + 2419200000L); // 1 month in future.
httpResponse.setDateHeader("Last-Modified", System.currentTimeMillis() - 2419200000L); // 1 month in past.
httpResponse.setHeader("Cache-Control", "public"); // Secure caching
}
}
chain.doFilter(request, response);
}
- Expires: Ok. It´s an static resource that doesn´t change, so we set the expiration date one month in the future.
- Last Modified: Not sure. I´ve read that setting this to the past has also impaces on caching
- Cache-Control: Ok. Allow secure caching. Security impacts?
Are there any impacts with this settings? I´ve also read a lot of posts where caching should be disabled through an filter. The only problem I see is that users could have a problem on a new release. Styles and Scripts could be changed in the new release but the browser ignore the new one and use the files from cache.