From: "Dave Brondsema"
To: dev@allura.apache.org
Reply-To: "Ticket 8153" <8153@tickets.allura.p.forge-allura.apache.org>
Subject: [allura:tickets] #8153 Stronger no-cache headers
Date: Mon, 1 May 2017 17:01:26 +0000 (UTC)

[tickets:#8153] Stronger no-cache headers

Status: in-progress
Milestone: unreleased
Labels: security
Created: Mon May 01, 2017 05:01 PM UTC by Dave Brondsema
Last Updated: Mon May 01, 2017 05:01 PM UTC
Owner: Dave Brondsema

If you're logged in and then log out, hitting the back button will still show the previous page(s) potentially with private info on them.

Pylons defaults to `Cache-Control: no-cache` header, but that isn't always enough and there are a lot more caching directives that can be included in there.


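One way to send a stricter header set than the bare `no-cache` the ticket describes, written as a WSGI middleware. This is an added example, not Allura's or Pylons' code; the directive combination, `NoStoreMiddleware`, `is_static`, `demo_app` and `response_headers` are assumptions made for illustration.

```python
# Added example: generic WSGI middleware, not taken from Allura or Pylons.
# Assumption: this directive set is one common "do not store" combination.
STRONG_CACHE_CONTROL = "no-cache, no-store, must-revalidate, max-age=0"
_REPLACED = {"cache-control", "pragma", "expires"}


class NoStoreMiddleware:
    """Force non-storable caching headers on responses of the wrapped app."""

    def __init__(self, app, is_static=lambda environ: False):
        self.app = app
        # Hypothetical hook so public static assets can stay cacheable.
        self.is_static = is_static

    def __call__(self, environ, start_response):
        if self.is_static(environ):
            return self.app(environ, start_response)

        def patched_start_response(status, headers, exc_info=None):
            # Drop whatever the framework set (e.g. a bare "no-cache").
            kept = [(k, v) for k, v in headers if k.lower() not in _REPLACED]
            kept += [
                ("Cache-Control", STRONG_CACHE_CONTROL),
                ("Pragma", "no-cache"),  # honoured by HTTP/1.0 caches
                ("Expires", "0"),        # invalid date, treated as already expired
            ]
            return start_response(status, kept, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    # Constructed sample app that mimics the default described in the ticket.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "no-cache")])
    return [b"<p>private page</p>"]


def response_headers(app, path="/"):
    """Call a WSGI app once and return its response headers (lower-cased keys)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured
```
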