[wp-trac] [WordPress Trac] #57627: The Cache-Control header for logged-in pages should include `private`
WordPress Trac
noreply at wordpress.org
Wed Jun 21 18:25:55 UTC 2023
#57627: The Cache-Control header for logged-in pages should include `private`
--------------------------------------+--------------------------
Reporter: markdoliner | Owner: johnbillion
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.3
Component: Administration | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests | Focuses: privacy
--------------------------------------+--------------------------
Changes (by johnbillion):
* status: accepted => closed
* resolution: => fixed
Comment:
In [changeset:"55968" 55968]:
{{{
#!CommitTicketReference repository="" revision="55968"
Administration: Add the `no-store` and `private` directives to the
`Cache-Control` header when preventing caching for logged in users.
The intention behind this change is to prevent sensitive data in responses
for logged in users being cached and available to others, for example via
the browser history after the user logs out.
The `no-store` directive instructs caches in the browser or within proxies
not to store the response in the cache. This is subtly different from the
`no-cache` directive which means the response can be cached but must be
revalidated before re-use. WordPress does not use ETag headers by default
therefore this does not achieve the same result.
The `private` directive complements the `no-store` directive by specifying
that the response contains private information that should not be stored
in a public cache. Some proxy caches may ignore the `no-store` directive
but respect the `private` directive, thus it is included.
The existing `Cache-Control` header for users who are not logged in
remains unchanged, and the existing cache prevention directives remain in
place for backwards compatibility.
Props soulseekah, luehrsen, Dharm1025, markdoliner, rutviksavsani,
ayeshrajans, paulkevan, clorith, andy786, johnbillion
Fixes #21938, Fixes #57627
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57627#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
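
Added example, not part of the commit or of WordPress itself: a Python check for auditing responses served to logged-in users, which parses `Cache-Control` values and reports when `no-store` or `private` is absent. It goes slightly beyond the commit message by also flagging the qualified form `private="field"`; the function names and sample header values are constructed for illustration.

```python
import re

# A directive name, optionally followed by "=" and a token or quoted-string argument.
_DIRECTIVE = re.compile(r'([^\s,="]+)(?:\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,]*))?')


def parse_cache_control(*header_values):
    """Merge one or more Cache-Control values into {directive: argument or None}."""
    directives = {}
    for value in header_values:
        for name, arg in _DIRECTIVE.findall(value):
            # Directive names are case-insensitive; quotes around arguments are dropped.
            directives[name.lower()] = arg.strip('"') if arg else None
    return directives


def audit_logged_in_response(*header_values):
    """Return a list of findings for a response sent to an authenticated user."""
    d = parse_cache_control(*header_values)
    findings = []
    if "no-store" not in d:
        note = "no-store missing: browser or proxy caches may keep a copy"
        if "no-cache" in d:
            note += " (no-cache only forces revalidation before re-use)"
        findings.append(note)
    if "private" not in d:
        findings.append("private missing: shared caches are not told the response is per-user")
    elif d["private"] is not None:
        # Qualified form: only the listed header fields are restricted to one user.
        findings.append("private is limited to fields %r; the rest may be stored "
                        "by shared caches" % d["private"])
    return findings


# Constructed sample header values (not captured from a real site).
SAMPLES = {
    "no-cache only": ["no-cache, must-revalidate, max-age=0"],
    "no-store and private": ["no-cache, must-revalidate, max-age=0, no-store, private"],
    "two header lines, mixed case": ["No-Cache, max-age=0", "NO-STORE, Private"],
    "qualified private": ['no-store, private="set-cookie"'],
}

if __name__ == "__main__":
    for label, values in SAMPLES.items():
        print(label, "->", audit_logged_in_response(*values) or "ok")
```
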