#8153 Stronger no-cache headers

v1.7.0
closed
security (34)
General
nobody
2017-06-27
2017-05-01
No

If you're logged in and then log out, hitting the back button will still show the previous page(s) potentially with private info on them.

Pylons defaults to Cache-Control: no-cache header, but that isn't always enough and there are a lot more caching directives that can be included in there.

Discussion

  • Dave Brondsema

    Dave Brondsema - 2017-05-01
    • status: in-progress --> review
     
  • Dave Brondsema

    Dave Brondsema - 2017-05-01

    On branch db/8153

     
  • Kenton Taylor - 2017-05-02
    • status: review --> closed
     
  • Kenton Taylor - 2017-05-02

    Merged.

     
  • Dave Brondsema

    Dave Brondsema - 2017-06-27
    • Milestone: unreleased --> v1.7.0
     

Log in to post a comment.