[TYPO3-dev] Core Behaviour: Using Cache-Control Headers to prevent _Clients_ from Caching
Ekkehard Gümbel
guembel.remove-this at naw.de
Tue Nov 21 17:04:59 CET 2006
Martin Kutschker schrieb:
> You mean use "no-cache" instead of "private"?
Instead of
Cache-Control: private
we would send
Pragma: no-cache
Cache-Control: private, must-revalidate, no-store
Expires: Thu, 01 Dec 1994 16:00:00 GMT
>> My point was that some (like Ole) MAY want to allow private caching
>> but not proxy caching, though.
>
> Something I don't understand in the current code. Private caching makes
> only sense if I set a max age otherwise it's odd that TYPO3 explicitely
> allows client side caching of non-cachable data.
Tt is not that TYPO3 explicitely allows client side caching, it just does not prevent IE from doing it (BTW:
Firefox behaves different)
I agree that
- for accurate dynamic data or
- for high security in a shared environment
this should be done, or at least a short "Expires:" or similar should be set (some do that by setting some
global apache options).
If your point ist just to prevent private data from appearing inside a proxy cache, then the current
"Cache-Control: private" is sufficient. Again: The latter statement (like the rest) is only true if all
components behave in a legal manner; we have no control about them.
later
/Ekki
More information about the TYPO3-dev
mailing list