[wp-trac] [WordPress Trac] #21938: Add "no-store" to Cache-Control header to prevent history caching of admin resources
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 20 10:54:27 UTC 2012
#21938: Add "no-store" to Cache-Control header to prevent history caching of admin
resources
-----------------------------+----------------------------
 Reporter:  soulseekah       |       Type:  enhancement
   Status:  new              |   Priority:  normal
Milestone:  Awaiting Review  |  Component:  Administration
  Version:  trunk            |   Severity:  trivial
 Keywords:  has-patch        |
-----------------------------+----------------------------
The current implementation of
[http://core.trac.wordpress.org/browser/trunk/wp-includes/functions.php#L891 wp_get_nocache_headers] does not take into
account history caching, which results in a browser serving a cached copy
of pages from history (by pressing the Back button) even if the user has
long logged out.
[http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2 RFC 2616
14.9.2 no-store] describes this cache directive.
To reproduce: log in to dashboard, log out, press the back button.
Expected: the login screen.
Reality: a copy of the previous page.
By adding the "no-store" directive to all non-cachable resources the
behavior was mitigated successfully in Chrome 21, Firefox 15. Fails on
Opera 12 (they chose to disregard "no-store" when applied to history, RFC
allows this).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21938>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
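
One way a site could apply the directive proposed in the ticket without changing core, shown as an added example (it is not the ticket's patch and not WordPress code). It hooks the `nocache_headers` filter that wp_get_nocache_headers() applies; the function name `example_add_no_store` is hypothetical and the sample headers array is constructed.

```php
<?php
/**
 * Added example: append "no-store" to the Cache-Control value returned by
 * wp_get_nocache_headers(). The function name is hypothetical.
 * Assumes the value carries no quoted directive arguments containing commas.
 */
function example_add_no_store( $headers ) {
	$headers = (array) $headers;

	// Header names are case-insensitive, so reuse whatever spelling is present.
	$key = 'Cache-Control';
	foreach ( array_keys( $headers ) as $name ) {
		if ( 0 === strcasecmp( (string) $name, 'Cache-Control' ) ) {
			$key = $name;
			break;
		}
	}

	// Split the current value into directives and drop empty pieces.
	$value      = isset( $headers[ $key ] ) ? (string) $headers[ $key ] : '';
	$directives = array_values(
		array_filter( array_map( 'trim', explode( ',', $value ) ), 'strlen' )
	);

	// Append no-store only when it is not already listed (any letter case).
	$present = false;
	foreach ( $directives as $directive ) {
		if ( 0 === strcasecmp( $directive, 'no-store' ) ) {
			$present = true;
			break;
		}
	}
	if ( ! $present ) {
		$directives[] = 'no-store';
	}

	$headers[ $key ] = implode( ', ', $directives );
	return $headers;
}

if ( function_exists( 'add_filter' ) ) {
	// Inside WordPress: run on every response that uses the no-cache headers.
	add_filter( 'nocache_headers', 'example_add_no_store' );
} else {
	// Stand-alone run with a constructed sample of the headers array.
	$sample = array( 'Cache-Control' => 'no-cache, must-revalidate, max-age=0' );
	print_r( example_add_no_store( $sample ) );
}
```

As the report notes for Opera 12, a browser may still show a history copy despite the directive, so the result should be checked in each browser the site supports.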