allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kenton Taylor" <ktay...@slashdotmedia.com>
Subject [allura:tickets] #8153 Stronger no-cache headers
Date Tue, 02 May 2017 14:50:24 GMT
- **status**: review --> closed
- **Comment**:

Merged.



---

** [tickets:#8153] Stronger no-cache headers**

**Status:** closed
**Milestone:** unreleased
**Labels:** security 
**Created:** Mon May 01, 2017 05:01 PM UTC by Dave Brondsema
**Last Updated:** Mon May 01, 2017 06:17 PM UTC
**Owner:** Dave Brondsema


If you're logged in and then log out, hitting the back button will still show the previous
page(s) potentially with private info on them.

Pylons defaults to `Cache-Control: no-cache` header, but that isn't always enough and there
are a lot more caching directives that can be included in there.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message