Prevent disk caching of HTML5 canvas tag for drawImage in RAP

Question

Using RAP for drawing images into a canvas which is done on the client side using the HTML5 canvas tag works nicely.

Assuming you use Eclipse the images being produced on the server side can be found under <YOUR WORKSPACE>\.metadata\.plugins\org.eclipse.rap.tools.launch\<YOUR LAUNCH CONFIG>\.metadata\.plugins\org.eclipse.rap.ui\context\rwt-resources\generated.

But all these images are also cached on the disk on the client side. These can easily be recovered using the stored hex dump. But for security constraints these must not be cached respectively only be cached in memory.

So I:

• edited the index.html which was nonsense since I don't want this file but the transferred images not to be cached
• tried to edit the GET header but it turns out that GET was already correctly modified
• tried to edit the POST header but it turns out that POST by definition doesn't cache anything as long as it is not specifically defined which isn't the case here
  • cf. RFC:2616 Section:9.5 Topic:POST
• checked if the issue is related to the canvas tag itself (like assumed for toBlob in this SO thread)
• checked if this is related to HTML5's application cache

But I found nothing in the RAP client and nothing in the HTML5 documentation for the specific objects that relates to the issue. So my question is if you have any ideas how I can change the behaviour of caching images using the HTML5 canvas object with regards to RAP.

Update#1

Yes ralfstx, GC.drawImage(Image) is used to draw images to the canvas. Please have a look at the following screenshot. This is what you will see when you have drawn an image and access the browser cache. We simply ensure the server address to the image is inaccessible by shutting the server down.

If you want to see which image was actually drawn in this session copy all (CTRL+A & cursor inside the RAW Paste Data) contents from this pastebin snippet and paste them here.

Update#2

Progress of corresponding enhancement request

Answer 1

The images are not cached on the client, but on the server side.

I assume that you use the method GC.drawImage(Image) to draw your images in the Canvas. Whenever you create an SWT Image, a file is created on the server in context/rwt-resources/generated/. Since the same image may be used from different places, this file is not cleaned up (see Bug 334367: Image#dispose() does not unregister its resource from ResourceManager).

Update

Sorry, I missed that you were talking about the browser cache. Of course, the browser will also cache the images. We can't currently prevent this, because the images are registered as static resources and delivered by the servlet container and we can't control the cache headers.

As a workaround, you might consider to deliver your sensitive images using a service handler and embed it using markup support. There are plans to wrap those external resources in SWT images. If you're interested, please file an enhancement request.