#125 Secure pages can be cached in browser - Website

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#125 ✓wontfix

Secure pages can be cached in browser

Reported by Dimitris Apostolou | February 9th, 2014 @ 11:27 PM

Reproducibility: always

What happened:
Secure pages can be cached in browser. Cache control is not set in HTTP header nor HTML header. Sensitive content can be recovered from browser storage.

Expected result:
Secure pages cannot be cached in browser.

Solution:
Set HTTP header with: 'Pragma: No-cache' and 'Cache-control: No-cache'.
Alternatively, this can be set in the HTML header by:

but some browsers may have problem using this method.

Comments and changes to this ticket

You flagged this item as spam.
Dimitris Apostolou February 9th, 2014 @ 11:31 PM
Alternatively, this can be set in the HTML header by:
```
<META HTTP-EQUIV='Pragma' CONTENT='no-cache'> 
<META HTTP-EQUIV='Cache-Control' CONTENT='no-cache'>
```
but some browsers may have problem using this method.
steve February 10th, 2014 @ 12:03 AM
- State changed from “new” to “wontfix”
- Importance changed from “” to “Low”
Hi Dimitirs,

caching in this case is wanted behavior to improve browser speed. Deactivating caching would not help a lot since an entry would remain in the browser history.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Organize issues related to http://gpgtools.org

Shared Ticket Bins (Sort)

↓↑ drag 10 Open tickets
↓↑ drag 0 Resolved tickets
↓↑ drag 0 This week's tickets

Gpgtools Website

Secure pages can be cached in browser

Comments and changes to this ticket

Dimitris Apostolou February 9th, 2014 @ 11:31 PM

steve February 10th, 2014 @ 12:03 AM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Pages

Gpgtools Website

Keyword searching

Secure pages can be cached in browser

Comments and changes to this ticket

Dimitris Apostolou February 9th, 2014 @ 11:31 PM

steve February 10th, 2014 @ 12:03 AM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Pages