[wp-trac] [WordPress Trac] #61711: Password-protected pages lacking appropriate 'Cache-Control' request header
WordPress Trac
noreply at wordpress.org
Thu Dec 5 18:25:46 UTC 2024
#61711: Password-protected pages lacking appropriate 'Cache-Control' request header
-------------------------------------------------+-------------------------
Reporter: brevilo | Owner:
| johnbillion
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 6.8
Component: Security | Version: 2.0.5
Severity: normal | Resolution:
Keywords: has-patch needs-testing has- | Focuses:
testing-info |
-------------------------------------------------+-------------------------
Comment (by ironprogrammer):
Thanks for the patch and testing, folks!
== Test Report
Patch tested: https://github.com/WordPress/wordpress-develop/pull/7858
=== Environment
- Hardware: MacBook Pro Apple M1 Pro
- OS: macOS 14.7.1
- Browser: Safari 18.1.1
- Server: nginx/1.27.3
- PHP: 8.4.1 (gd)
- MySQL: 8.0.27
- WordPress: 6.8-alpha-59274-src / WP-CLI 2.11.0
=== Actual Results
When not logged in:
- ✅ On a password-protected post (before entering a password), the
headers include `Cache-Control: no-cache, must-revalidate, max-age=0`.
=== Additional Notes
- After entering the password on the post, the `Cache-Control` header is
no longer present.
- The `no-store, private` directives are additionally
[https://github.com/WordPress/wordpress-
develop/blob/6f47a2c453e5e272c3f33cc5438c51e20a95d7f2/src/wp-
includes/functions.php#L1495-L1497 added for logged-in users].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61711#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list