[wp-trac] [WordPress Trac] #57627: The Cache-Control header for logged-in pages should include `private`

WordPress Trac noreply at wordpress.org
Thu Jun 8 14:27:13 UTC 2023 

#57627: The Cache-Control header for logged-in pages should include `private`
--------------------------------------+--------------------------
 Reporter:  markdoliner               |       Owner:  johnbillion
     Type:  defect (bug)              |      Status:  accepted
 Priority:  normal                    |   Milestone:  6.3
Component:  Administration            |     Version:
 Severity:  normal                    |  Resolution:
 Keywords:  has-patch has-unit-tests  |     Focuses:  privacy
--------------------------------------+--------------------------
Changes (by Dharm1025):

 * keywords:  has-patch has-unit-tests needs-testing => has-patch has-unit-
     tests


Comment:

 == Test Report
 This report validates that the indicated patch addresses the issue.

 Patch tested: https://github.com/WordPress/wordpress-develop/pull/4570

 === Environment
 * OS: macOS Ventura 13.0
 * Web Server: nginx/1.25.0
 * PHP: 7.4.33
 * WordPress: 6.3-alpha-55505-src
 * Browser: Chrome Version 113.0.5672.126 (Official Build) (arm64)
 * Theme: Twenty Twenty-Three
 * Active Plugins: -

 === Test Results
 ✅ Works as expected with a patch.

 I have tested the patch as per testing instructions and it works as
 expected.


 **Before Patch:**

 Cache-Control Header:
 1. Front-end (logged in): `Cache-Control: no-cache, must-revalidate, max-
 age=0`
 2. Front-end (not logged in): No Cache-Control present
 3. Back-end (logged in): `Cache-Control: no-cache, must-revalidate, max-
 age=0`
 4. wp-login.php page: `Cache-Control: no-cache, must-revalidate, max-
 age=0`

 Login to wp-admin, then logout and press the back button in the browser
 shows the previous wp-admin page.

 **After Patch:**

 Cache-Control Header:
 1. Front-end (logged in): `Cache-Control: no-cache, must-revalidate, max-
 age=0, no-store, private`
 2. Front-end (not logged in): No Cache-Control present
 3. Back-end (logged in): `Cache-Control: no-cache, must-revalidate, max-
 age=0, no-store, private`
 4. wp-login.php Page: `Cache-Control: no-cache, must-revalidate, max-
 age=0`

 Login to wp-admin, then logout, press the back button in the browser shows
 the wp-login page.


 Thanks

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57627#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list