[wp-trac] [WordPress Trac] #57627: The Cache-Control header for logged-in pages should include `private`
WordPress Trac
noreply at wordpress.org
Sat Feb 4 20:42:05 UTC 2023
#57627: The Cache-Control header for logged-in pages should include `private`
--------------------------+------------------------------
Reporter: markdoliner | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by ayeshrajans):
Hi @markdoliner, welcome to WordPress Trac.
Thank you for opening this ticket. This indeed looks like something we
have to improve.
After reading #21938 (to add `no-store`) and yours, I also think choosing
`private` over `no-store` makes more sense, because going back in the
browser history is an absolutely valid use case that we don't have to
disallow. I also understand that the browser probably stores the
authenticated pages in cache if the user logs out, but this can also be
solved with a Clear-Site-Data header. I maintain a plugin
(https://wordpress.org/plugins/clear-logout/) that does just that.
You are also right that the change should ideally be in the
`wp_get_nocache_headers` function. Patching that would be trivial with a
single-line diff, but perhaps this is something we can add a headless
browser test for as well?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57627#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
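
A header check of the kind a test for this ticket could assert on, as an added example (not part of the original message and not WordPress core code). The function names and the sample responses are constructed for illustration; the check follows the `private` and `no-store` semantics of RFC 9111, including the qualified `private="field"` form, which does not protect the response body.

```python
def split_directives(value):
    """Split a Cache-Control value on commas that are outside quoted-strings."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            buf.append(ch); escaped = False
        elif quoted and ch == "\\":
            buf.append(ch); escaped = True
        elif ch == '"':
            quoted = not quoted; buf.append(ch)
        elif ch == "," and not quoted:
            parts.append("".join(buf)); buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_cache_control(value):
    """Return {directive: argument or None}; directive names are case-insensitive."""
    out = {}
    for part in split_directives(value):
        name, sep, arg = part.partition("=")
        out[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return out

def shared_cache_may_store(headers):
    """True if Cache-Control does not forbid a shared cache (proxy, CDN) from storing the body."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return False
    # Unqualified `private` covers the whole response; private="Field" only
    # restricts the listed header fields, so the body may still be stored.
    return not ("private" in cc and cc["private"] is None)

def audit(responses):
    """Return labels of authenticated responses that a shared cache may store."""
    return [label for label, authed, headers in responses
            if authed and shared_cache_may_store(headers)]

# Constructed sample responses: (label, authenticated?, headers)
SAMPLES = [
    ("admin page, no private", True, {"Cache-Control": "no-cache, must-revalidate, max-age=0"}),
    ("admin page, private", True, {"Cache-Control": "no-cache, must-revalidate, max-age=0, private"}),
    ("admin page, qualified private", True, {"cache-control": 'private="Set-Cookie, Authorization", max-age=0'}),
    ("public post", False, {"Cache-Control": "max-age=600"}),
]

if __name__ == "__main__":
    for label in audit(SAMPLES):
        print("shared cache may store:", label)
```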