[tickets:#8153] Stronger no-cache headers

Status: in-progress
Milestone: unreleased
Labels: security
Created: Mon May 01, 2017 05:01 PM UTC by Dave Brondsema
Last Updated: Mon May 01, 2017 05:01 PM UTC
Owner: Dave Brondsema

If you're logged in and then log out, hitting the back button will still show the previous page(s) potentially with private info on them.

Pylons defaults to Cache-Control: no-cache header, but that isn't always enough and there are a lot more caching directives that can be included in there.

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.