[wp-trac] [WordPress Trac] #61711: Password-protected pages lacking appropriate 'Cache-Control' request header

WordPress Trac noreply at wordpress.org
Thu Jan 23 19:58:30 UTC 2025


#61711: Password-protected pages lacking appropriate 'Cache-Control' request header
-------------------------------------------------+-------------------------
 Reporter:  brevilo                              |       Owner:
                                                 |  johnbillion
     Type:  defect (bug)                         |      Status:  accepted
 Priority:  normal                               |   Milestone:  6.8
Component:  Posts, Post Types                    |     Version:  2.0.5
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-testing-info has-      |     Focuses:
  unit-tests 2nd-opinion                         |
-------------------------------------------------+-------------------------

Comment (by brevilo):

 Thanks John, you might be right there. I opted for `private` in my
 proposed fix as I wanted to take the reverse proxy cache entirely out of
 the equation, to be on the safe side with regards to fixing the problem I
 saw.

 I didn't question the alternative approach by haozi since it also fixed
 the problem in my tests and my experience with reverse proxy caching is
 limited.

 So, yes, `private` is less efficient, but that's probably justified for
 protected content. The same is probably true for when to send that header.
 I'd expect that to be required for the password entry page as well as for
 the protected pages themselves.

 Cheers

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61711#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list