Pull Request for Issue #20008
Normally, when `max-age=NNN` is missing from the `Cache-Control` HTTP header, browsers and proxies should respect the `Expires` header, but issue #20008 says otherwise.
There is no harm in also setting `max-age=0` in the `Cache-Control` header when browser caching is OFF, because it instructs to do what we already request with the rest of the headers.
Also added `Cache-Control: private` so that proxies should not cache the response, despite not being
The above should not be needed because the response is supposed to not be cached anyway, but I see that it is not uncommon for it to be added when `max-age=0` and we do not know if the current page is only meant for a single user.
Install PR in an installation that does not enable browser caching (e.g. default installation) and examine
The `Cache-Control` header of the response includes `private`, `max-age=0`
It does not
Maybe
Status | New | ⇒ | Pending |
Category | ⇒ | Libraries |
Hi, thanks for reviewing this
Indeed you see `Cache-Control: max-age=0`, but this is inside the request headers, not the response headers.
Browsers will try to ask the server for a non-cached page response when you click (CTRL-)F5 (or whatever your browser has as refresh), and maybe when you visit a page for the first time or you hit enter in the address bar.
What the server will do with such a request is up to the server
Typically, if the page is a public page (`cache-control: public` pages), then such a request will be ignored by the server / proxies and cached data returned anyway, to avoid someone exploiting this to make an attack on the server,
but if the user is logged in then possibly non-cached data ... depends on server / proxies and web application
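The distinction drawn above between a request's and a response's `Cache-Control`, as an added Python example that is not part of the PR or of Joomla: it audits one exchange and falls back to `Expires` when `max-age` is absent. The sample messages, host name and function names are constructed for illustration, and the shared-cache check is simplified to the `private` and `no-store` directives.

```python
from email.utils import parsedate_to_datetime

def parse_headers(block):
    """Header lines of one HTTP message -> {lowercased name: value}; line 1 is the start line."""
    pairs = (line.partition(":") for line in block.strip().splitlines()[1:])
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def parse_cache_control(value):
    """Cache-Control value -> {directive: argument or None} (quoted commas not handled)."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def freshness_seconds(headers):
    """max-age wins; otherwise Expires minus Date; None when neither is present."""
    cc = parse_cache_control(headers.get("cache-control", ""))
    if cc.get("max-age") is not None:
        return int(cc["max-age"])
    if "expires" not in headers:
        return None
    try:
        delta = parsedate_to_datetime(headers["expires"]) - parsedate_to_datetime(headers["date"])
    except (KeyError, TypeError, ValueError):
        return 0  # unparsable Expires (or no Date to compare with): treat as stale
    return max(0, int(delta.total_seconds()))

def audit(request_block, response_block):
    req = parse_cache_control(parse_headers(request_block).get("cache-control", ""))
    headers = parse_headers(response_block)
    resp = parse_cache_control(headers.get("cache-control", ""))
    return {
        "request_max_age_0": req.get("max-age") == "0",    # sent by the browser on reload
        "response_private": "private" in resp,             # directive the PR adds
        "response_max_age_0": resp.get("max-age") == "0",  # directive the PR adds
        "shared_cache_may_store": not ({"private", "no-store"} & resp.keys()),
        "freshness_seconds": freshness_seconds(headers),
    }

# Constructed sample messages (not captured from a real Joomla site).
REQUEST = "GET / HTTP/1.1\nHost: example.test\nCache-Control: max-age=0\n"
RESPONSE_NO_MAX_AGE = ("HTTP/1.1 200 OK\nDate: Mon, 16 Jul 2018 05:00:00 GMT\n"
                       "Expires: Wed, 17 Aug 2005 00:00:00 GMT\nCache-Control: must-revalidate\n")
RESPONSE_PRIVATE = ("HTTP/1.1 200 OK\nDate: Mon, 16 Jul 2018 05:00:00 GMT\n"
                    "Expires: Wed, 17 Aug 2005 00:00:00 GMT\nCache-Control: private, max-age=0\n")

if __name__ == "__main__":
    for label, response in (("no max-age", RESPONSE_NO_MAX_AGE), ("private", RESPONSE_PRIVATE)):
        print(label, audit(REQUEST, response))
```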
Thanks for the clarification
Thanks anyone spending time on this PR
No interest in spending more on it by me
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-07-16 05:37:34 |
Closed_By | ⇒ | ggppdk | |
Labels | Added: ? |
Am I misunderstanding this? Because before this PR I do get `max-age=0`