Hi,
We use the WebCaptcha control on our .NET application
A security audit found that the handler "WebCaptachImage.axd" doesn't provide required http-header:
- Cache-control:no-cache, nostore
- Pragma:no-cache
How can we definie those http header on response of WebCaptachImage.axd http request.
Best regards
Hello isilog,
I am following up to see if the information provided has resolved this matter.
Please let me know if I may be of further assistance with this matter.
Sincerely,Mike P.Developer Support Engineer IIInfragistics, Inc.www.infragistics.com
Thank you for your patience. I have done some further looking into this matter and have discussed this with our development team and I have the following information:
The WebCaptcha currently doesn’t have any events that it raises what would allow you to do this. What they can do is create their own control that inherits from our WebCaptcha and override WebCaptcha’s protected override void OnPreRender(EventArgs e) method. In this method is where it seems to be dealing with the response. Before or after you call base, you can do the following and add what you want to the header
HttpContext.Current.Response.AddHeader
Please let me know if you have any questions concerning this matter.