[wp-trac] [WordPress Trac] #21938: Add "no-store" to Cache-Control header to prevent history caching of admin resources

WordPress Trac noreply at wordpress.org
Thu Jun 8 14:28:50 UTC 2023


#21938: Add "no-store" to Cache-Control header to prevent history caching of admin
resources
----------------------------+--------------------------
 Reporter:  soulseekah      |       Owner:  johnbillion
     Type:  enhancement     |      Status:  accepted
 Priority:  normal          |   Milestone:  6.3
Component:  Administration  |     Version:  3.4
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:  privacy
----------------------------+--------------------------
Changes (by Dharm1025):

 * keywords:  has-patch needs-testing => has-patch


Comment:

 == Test Report
 This report validates that the indicated patch addresses the issue.

 Patch tested: https://github.com/WordPress/wordpress-develop/pull/4570

 === Environment
 * OS: macOS Ventura 13.0
 * Web Server: nginx/1.25.0
 * PHP: 7.4.33
 * WordPress: 6.3-alpha-55505-src
 * Browser: Chrome Version 113.0.5672.126 (Official Build) (arm64)
 * Theme: Twenty Twenty-Three
 * Active Plugins: -

 === Test Results
 ✅ Works as expected with a patch.

 I have tested the patch as per testing instructions and it works as
 expected.


 **Before Patch:**

 Cache-Control Header:
 1. Front-end (logged in): `Cache-Control: no-cache, must-revalidate, max-age=0`
 2. Front-end (not logged in): No Cache-Control present
 3. Back-end (logged in): `Cache-Control: no-cache, must-revalidate, max-age=0`
 4. wp-login.php page: `Cache-Control: no-cache, must-revalidate, max-age=0`

 Login to wp-admin, then logout and press the back button in the browser
 shows the previous wp-admin page.

 **After Patch:**

 Cache-Control Header:
 1. Front-end (logged in): `Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private`
 2. Front-end (not logged in): No Cache-Control present
 3. Back-end (logged in): `Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private`
 4. wp-login.php Page: `Cache-Control: no-cache, must-revalidate, max-age=0`

 Login to wp-admin, then logout and press the back button in the browser
 shows the wp-login page.


 Thanks

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/21938#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
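
The header comparison in the test report above can be automated. This is an added example, not part of the original message or of the WordPress patch: it parses Cache-Control values and reports which of the post-patch directives each logged-in case lacks. The function names and the `PATCHED` tuple are assumptions made for illustration; the header strings are the ones quoted in the report.

```python
"""Check Cache-Control values against the expectations in the test report."""

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}.

    Directive names are case-insensitive; commas inside a quoted argument
    (for example private="set-cookie, x") do not end the directive.
    """
    directives, token, in_quotes = {}, [], False
    for ch in (value or "") + ",":
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            name, _, arg = "".join(token).strip().partition("=")
            if name:
                directives[name.strip().lower()] = arg.strip().strip('"') or None
            token = []
        else:
            token.append(ch)
    return directives

def missing_directives(value, required):
    """Return the required directives absent from a header value, in order."""
    present = parse_cache_control(value)
    return [d for d in required if d not in present]

# Directives the report shows on logged-in pages after the patch.
PATCHED = ("no-cache", "must-revalidate", "max-age", "no-store", "private")

# Header values quoted in the report; None means no Cache-Control header was sent.
BEFORE = {
    "front-end (logged in)": "no-cache, must-revalidate, max-age=0",
    "front-end (not logged in)": None,
    "back-end (logged in)": "no-cache, must-revalidate, max-age=0",
    "wp-login.php": "no-cache, must-revalidate, max-age=0",
}
AFTER = dict(BEFORE)
AFTER["front-end (logged in)"] = AFTER["back-end (logged in)"] = (
    "no-cache, must-revalidate, max-age=0, no-store, private")

def audit(observed):
    """Map each logged-in case to the directives it lacks."""
    return {case: missing_directives(value, PATCHED)
            for case, value in observed.items() if "(logged in)" in case}

if __name__ == "__main__":
    for label, observed in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(observed))
```

To use it against a live site, replace the values in the dictionaries with the Cache-Control headers captured from each of the four requests.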

