I have a vaadin 7 application to download a csv file. when I set the streamResource.setCacheTime(0); Cache-Control: no-cache set in reponse header of the csv file.
but how to set no-store also in the response header of the resource. I just want to stop retaining my csv file in browser. so the attacker can not use it.
following method not works streamResource.getStream().setParameter("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
nor this one also
response.setHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
please help
streamResource.getStream().setParameter(...) does not work because getStream() creates a new instance every time it's invoked.
What you could do is to create a custom subclass of StreamResource that overrides getStream() to make further changes to the original stream before returning it, i.e. something like this:
public class NoStoreStreamResource extends StreamResource {
public NoStoreStreamResource(StreamSource streamSource, String filename) {
super(streamSource, filename);
}
@Override
public DownloadStream getStream() {
DownloadStream ds = super.getStream();
ds.setParameter("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
return ds;
}
}